OK, so that’s cleared that question up then. Or not. According to John Foley of Information Week, the chief complaint about cloud computing isn’t that it doesn’t exist, but that we’ve been doing it for years. “As that argument goes, ASPs, outsourcing, Web site hosting, and browser-based applications are all forms of cloud computing, so what’s really new here?”
The term has been bandied around for a year or so now and even now, in late 2009, debates still rage on the web as to what it is, what it is not, and whether it’s good or bad. NMM has noticed a flurry of seminars and workshops springing up to talk about Cloud Computing with speakers including the Great and the Good from industry and retail. So what IS it? Well, we’ve borrowed John Foley’s definition here, because it’s pretty good:
“I’ve come up with seven characteristics that together make cloud computing different from what’s come before:
Off-site. A basic principle of cloud computing is that you’re accessing IT resources that are in a data center that’s not your own. That means you don’t buy the servers and storage, someone else does. So-called private clouds are the exception, but forget them for this discussion.
Virtual. IT resources in the cloud can be assembled with drag-and-drop ease. Employing virtualization, cloud service providers let you assemble software stacks of databases, Web servers, operating systems, storage, and networking, then manage them as virtual servers.
On demand. In the cloud, you can add and subtract resources, including number and type of processors, amount of memory, network bandwidth, gigabytes of storage, and 32-bit or 64-bit architectures. You can dial up when you need more, and dial down when you need less.
Subscription style. These tend to be month-to-month deals, often payable by credit card, rather than annual contacts. Amazon charges in intervals of 10 cents per hour for EC2.
Shared. For economies of scale (that’s what cloud computing is all about), many service providers use a multitenant architecture to squeeze workloads from multiple customers onto the same physical machines. It’s just one of the things that distinguish cloud computing from outsourcing and from hosted data centers.
Simple. Many of the cloud services providers — whether they specialize in application hosting, storage, or compute cycles — let you sign up and configure resources in a few minutes, using an interface that you don’t have to be a system administrator to understand.
Web based. Others might make this characteristic #1, but I put it last to make the point that there’s more to cloud computing than the Web. That said, it does involve browser access to hosted data and resources.
Put them together and you have my definition of cloud computing: Cloud computing is on-demand access to virtualized IT resources that are housed outside of your own data center, shared by others, simple to use, paid for via subscription, and accessed over the Web. The definition applies to server-as-a-service offerings such as Amazon’s EC2, as well as to software-as-a-service, storage-as-a-service, Ruby-on-Rails-as-a-service, and so on.”
Well said, John.
Benefits of the cloud
Saving Money: Cloud Computing theoretically offers an alternative to companies buying in expensive software, hardware and applications. It takes a lot of expensive assets off the balance sheet and converts them to current expenses. Cloud computing also promises to let us dial up the computing resources they we on a pay-as-you-go basis.
The other main benefit is scalability. One aspect is access to supplementary computing resources over and above what is available in-house. The other is access to an almost infinitely graduated number-crunching capacity somewhere in cyberspace.
In some ways cloud computing harks back to the early days of time-sharing. The primary offerings now, as then, are rented access to processing cycles, storage, networking and applications. Only this time, the scope is global, always on, and open, rather than local, batch and proprietary.
Why Now?
What makes cloud computing possible is the revolution in communications technology over the past 20 years. This has shifted from expensive analogue telephony to cheap digital internet-based networking. Information technology suppliers are racing to catch the networking wave. They aim to erase the user’s awareness of the location of the processed data by making access and presentation of information fast and transparent.
Already 55,400 firms use Salesforce.com to manage customer relations and logistics for 1.5 million customers. Just over 400 million people use Skype to make international phone calls and share files. Google and Microsoft are locked in battle for first rights to the users’ desktop, with standard office and other applications, while online bookseller Amazon wants to store their records with archival processing and storage such as Elastic Cloud Computing (EC2).
Converts
The cloud can deliver simplicity, but it takes commitment. Google succeeded in persuading the publishers of the Daily Telegraph and the Guardian to switch to Google Apps for office workers and journalists.
Guardian News & Media CIO Andy Beale said the new package, which included Google Docs, Google Calendar, Google Sites, Google Video and Google Mail, would pay for itself quite quickly, when he announced the deal in February. “Being able to offload commodity services to someone else at a cost-effective price makes a lot of sense. We will save money, and we are getting a lot more useful product for significantly less money,” he said.
Trusted partners
Closer to the old time-sharing deals, these relationships will be contractual and will include service level agreements. They might possibly also include risk and profit-sharing targets and incentives. Information processed here will likely be response time-dependent (hence the need for SLAs) and will probably deal in confidential or sensitive information.
There are already many examples of this. Many corporate websites are outsourced to trusted third parties and many run transactions on them that feed the corporate enterprise systems. Similarly, few companies wash their own e-mail these days. They rely on firms like MessageLabs to filter the net’s spam and malware load before they hit the corporate firewall.
Applications on cloud platforms
This is where Microsoft, with its forthcoming Azure product set, and Google with its Apps, will fight it out. In the same way that Salesforce.com, Apple, Google and Symbian have provided tools and standards that other software developers can use to build applications that run on their platforms, so Azure provides standard web protocols and tools like XML, .Net, Soap and Rest. Microsoft promises that developers who use these tools will end up with cloud-ready applications.
The Security Issues
At last week’s Black Hat USA conference in Las Vegas, a number of security researchers demonstrated new ways of attacking cloud computing services. One of the more notable presentations, “Clobbering the Cloud,” looked at the vulnerabilities in Amazon’s cloud infrastructure, Apple’s MobileMe service, and Salesforce.com’s cloud platform. Another demonstration showed how both Microsoft and Amazon used insecure methods for password retrieval. And still another presentation examined how the supposedly secure protocol SSL could be defeated.
But hacks alone aren’t the only dangers to be found when moving to the cloud, as the Black Hat presentations quickly made clear. In reviewing the dangers brought up by the researchers, it was enough to make anyone wonder: is cloud computing putting us and our data at risk?
All Your Eggs in One Basket
Not too long ago, we saw a perfect example of the worst-case scenario of doing just that. Earlier this year, social bookmarking site Ma.gnolia experienced a server crash that resulted in massive data loss – enough to shut down the service for good. Users’ bookmarks were unrecoverable. Permanently.
While that incident may have had only a minimal impact on the world at large, there are a few other examples that were much worse including that of online storage service MediaMax (also called The Linkup) which went out of business following a system administration error that deleted active customer data. Then there was the incident where Salesforce.com customers were locked out of their critical business applications during a service outage. And finally, they mentioned Nokia’s Ovi crash which resulted in three weeks of lost user data as contacts simply disappeared from people’s phones. There were no backups in place, either.
Reliance on Passwords
Another issue with cloud computing services is that, despite the numerous protections built into a cloud service itself, any account is only as secure as the password used to access it. A recent example of the consequences of insecure passwords was seen during what has now become known as “Twittergate.” The microblogging service Twitter had their online accounts accessed by a hacker and numerous sensitive corporate documents stolen. The documents were housed in Google’s online web office service Google Docs. Although Google was not to blame for the break-in, the hack may not have ever occurred in the first place if documents were securely hosted on-site, behind a firewall. Instead, the entire company data was only one password crack away from discovery.
Password cracking is not the only threat from what is seemingly becoming a more and more archaic system for logging into online services. Weak password recovery systems are an issue, too. In a separate presentation at Black Hat, both Amazon and Microsoft’s Online Services came under fire for having poor password recovery systems.
Of course, this issue is not new. IT administrators have struggled with users’ lack of good security practices for years on end. Ever since computers required a password, in fact. However, the difference between a corporate network and an online account is that in a business environment, administrators can create server-enforced password policies that require users to make up passwords with certain minimum levels of complexity. They can also force users to reset their passwords on a regular basis. But in the cloud, a user could set their password to “fluffy” and never change it again.
Some cloud vendors are beginning to offer security policy control for their applications which would allow an IT admin to create and enforce stricter policies (like a secure password policy, for instance). Today, though, this is an area where many cloud applications are still lacking.
Encrypting Data in the Cloud
Many cloud providers do not offer encryption for their service- a little-known flaw in virtual computing is that virtual machines don’t always have enough access to the random numbers needed to properly encrypt data. The details of this issue are highly technical, but fascinating, and the end result is that the very nature of virtual computing itself makes hacking simpler because it allows attackers to more easily guess the numbers used to generate the encryption keys.
So, Is the Cloud Safe?
Considering the above issues, you may find yourself thinking twice about your reliance on cloud services. And if you listen to security analysts like John Pescatore of Gartner, you may be even more afraid. He was recently quoted in the Financial Times as saying:
“The security of these cloud-based infrastructure services is like Windows in 1999. It’s being widely used and nothing tremendously bad has happened yet. But it’s just in early stages of getting exposed to the Internet, and you know bad things are coming.”
But is the cloud really all that bad? Is it any worse of a platform for computing than what we had before? In reality, probably not.
Today’s cloud services may not be as secure as they should be, but in time they could easily rival any other computing platform… in fact, they may one day be considered more secure. Until then, though, users, and especially companies, should proceed with caution when moving to the cloud, making sure they’re fully aware of not only the capabilities of the online service, but the risks as well.
Tags: cloud computing, Digital, digital marketing
Posted in Articles