IEET > Rights > GlobalDemocracySecurity > Fellows > Jamais Cascio > PrivacySurveillance > Cyber
Cloud computing: Threat or Menace?
Jamais Cascio   Jan 19, 2009   Open The Future  

I did some sustainability consulting recently for a major computer company. We focused for the day on building a better understanding of their energy and material footprint and strategies; during the latter part of the afternoon, we zeroed in on testing the sustainability of their current business strategies. It turned out that, like many big computer industry players, this company is making its play in the “cloud computing” field.

(“Cloud computing,” for those of you not up on industry jargon, refers to a “a style of computing in which resources are provided “as a service” over the Internet to users who need not have knowledge of, expertise in, or control over the technology infrastructure.” The canonical example would be Google Docs, fully-functional office apps delivered entirely via one’s web browser.)

clouds2x4440x.pngLots of big companies are hot for cloud computing right now, in order to sell more servers, capture more customers, or outsource more support. But there’s a problem. As the company I was working with started to detail their (public) cloud computing ideas, I was struck by the degree to which cloud computing represents a technical strategy that’s the very opposite of resilient, dangerously so. I’ll explain why in the extended entry.

But before I do so, I should say this: A resilient cloud is certainly possible, but would mean setting aside some of the cherished elements of the cloud vision. Distributed, individual systems would remain the primary tool of interaction with one’s information. Data would live both locally and on the cloud, with updates happening in real-time if possible, delayed if necessary, but always invisibly. All cloud content should be in open formats, so that alternative tools can be used as desired or needed. Ideally, a personal system should be able to replicate data to multiple distinct clouds, to avoid monoculture and single-point-of-failure problems. This version of the cloud is less a primary source for computing services, and more a fail-safe repository. If my personal system fails, all of my data remains available and accessible via the cloud; if the cloud fails, all of my data remains available and accessible via my personal system.

This version of cloud computing is certainly possible, but is not where the industry is heading. And that’s a problem.

                 

For big computer companies, the cloud computing model breathes new life into the centralized server markets that were once their bread-and-butter, as they offer high profits on sales and service contracts. Cloud computing doesn’t just use a server to store and transfer files, it uses the servers to do the hard computing work, too, in principle making your personal machine little more than a fancy dumb terminal. Companies that already have significant server and bandwidth space, such as Amazon and Google, love the idea because it offers them more ways to lock users in to proprietary formats and utilities. For many of the corporate users looking at cloud services, that’s a worthwhile trade-off to avoid having to deal with continuously expanding IT expenditures. Let the cloud companies worry about the software and hardware upgrades; all we need to handle are the dumb terminals.

Cost-effective, perhaps. But by no means resilient.

Recall that the core premise of a resilience strategy is that failure happens, and that the precise mode of failure can’t necessarily be predicted. Resilience demands that we prepare for unexpected problems so as to minimize actual disruption—minimize in terms of time, but particularly in terms of how widespread the disruption may be.

Resilience design principles include: Diversity (or avoidance of monocultures); Redundancy; Decentralization; Transparency; Collaboration; Graceful Failure; Minimal Footprint; Flexibility; Openness; Reversibility; and Foresight. As per Jim Moore’s comments on this post, we should add “Spare Capacity” to the list.

How does cloud computing match up?

On the positive side, the standard (Google Apps) model for cloud computing does well with collaboration, reversibility, and (arguably) spare capacity. While the collaboration and reversibility aspects of these apps could likely be replicated with standard desktop software, they’re definitely intrinsic to the cloud approach. These are fundamental to the appeal of the cloud model.

Conversely, cloud computing clearly falls well short in terms of diversity, decentralization, graceful failure, and flexibility; one might also include redundancy, transparency, and openness on the negative list.

Here’s where we get to the heart of the problem. Centralization is the core of the cloud computing model, meaning that anything that takes down the centralized service—network failures, massive malware hit, denial-of-service attack, and so forth—affects everyone who uses that service. When the documents and the tools both live in the cloud, there’s no way for someone to continue working in this failure state. If users don’t have their own personal backups (and alternative apps), they’re stuck.

Similarly, if a bug affects the cloud application, everyone who uses that application is hurt by it. As the cloud applications and services become more sophisticated (well beyond word processors and spreadsheets), the ability to pull up an alternative system to manipulate the same data becomes far more difficult—especially if the failed cloud application limits access to stored content.

Flexibility suffers when one is limited to just the applications available on the cloud. That’s not much of a worry right now, when most cloud computing takes place via normal laptops and desktop computers, able to load and run any kind of application. It’s a greater problem in the future envisioned by many cloud proponents, where people carry systems that provide little more than cloud access.

There’s also the issue of how well it fares when network access is spotty or degraded.

In short, the cloud computing model envisioned by many tech pundits (and tech companies) is a wonderful system when it works, and a nightmare when it fails. And the more people who come to depend upon it, the bigger the nightmare. For an individual, a crashed laptop and a crashed cloud may be initially indistinguishable, but the former only afflicts one person and one point of access to information. If a cloud system locks up, potentially millions of people lose access.

So what does all of this mean?

My take is that cloud computing, for all of its apparent (and supposed) benefits, stands to lose legitimacy and support (financial and otherwise) when the first big, millions-of-people-affecting, failure hits. Companies that tie themselves too closely to this particular model, as either service providers or customers, could be in real trouble. Conversely, if the big failure hits before cloud has swept up lots of users and visibility, the failure could be a signal to shift towards a more resilient model.

I would love to use the resilient cloud described above, and I suspect I’m not alone. But who’s going to provide it?

Jamais Cascio is a Senior Fellow of the IEET, and a professional futurist. He writes the popular blog Open the Future.



COMMENTS

I thought about this too. Openness surely is key. It would be interesting to see how useful a distributed model would be for things like proxy servers, search engines, data warehousing, and so forth.

I know they have begun to distribute the tasks of the root DNS servers, which should slightly improve the resiliency of the core of the internet’s plumbing.

However, services with sensitive material, like data warehousing, would be especially risky to distribute, but also risky to leave on corporate servers. My guess is that security and privacy issues could be diminished by a distributed system, if implemented with PGP with only fragments of files.

It seems like these sort of ideas could have particular usefulness in mesh networks.

Dear Sir ,
While your article is interesting , but is giving the down side of the technology. Come to think of it any new technology would have its plus & minuses or profit & loss.

The only saving grace in Cloud computing is , it is not a new technology buta consolidation of SaaS,Paas , IaaS into one, based on well studied security problems and solution for it.
The cloud does cater for risk managment features or Disaster recovery features.
Adequate measures for DDOS ( this is a only major security hazard ) attack.

Some new look being given to Application Security also.

It is not as bleak or dismal as we think the situation is in Cloud. Amazon , Google ( well they had a glitch recently), Microsoft, Times network are using Cloud .

It is sure that the hype created by vendors are more.  think of it we had data center and all opted for it . It is still running.

well failure can always happen in any system nothing is 100 %  guranteed ( mathematically this relaibility to acieve is next to impossible).  but we live with this notion . so is with cloud.

The power grid can also fail inspite of its built in redundancy ...well for couple of hours we live in darkness and energy company looses revenue or the continuous process production units.  Acceptable ... it is all 99.99 % max reliable with 0.01% of uncertainty.

Thanks

Quote : “My take is that cloud computing, for all of its apparent (and supposed) benefits, stands to lose legitimacy and support (financial and otherwise) when the first big, millions-of-people-affecting, failure hits. Companies that tie themselves too closely to this particular model, as either service providers or customers, could be in real trouble. Conversely, if the big failure hits before cloud has swept up lots of users and visibility, the failure could be a signal to shift towards a more resilient model.”

I think you have this spot on, the phrase “never put all your eggs in one basket” applies here and this has always been the case. Networking computers and the Internet, and the NC client is not a new idea, one of the proponents, (and leading opponents of the Microsoft monopoly of PC software), is Oracle CEO Larry Ellison.

Can you really envisage any large corporation or financial institution placing reliance upon any “cloud” based system for apps, datacoms, or data storage in the near future? I would certainly hope not, and I would not have any confidence or place any trust with any institution that would.

Whilst this may promote benefits for small business scenarios to reduce computing and IT costs, and thus source out all of their problems concerning software requirements and network securities, and whilst an internetworking consumer base may be easily and readily available to take advantage of, any major institution would be foolish to subscribe to this on a large scale in these early days.

Any large system must have and will have a contingency for failures built in, yet the main issues are not only failures to service but data protection and security. How can you possibly police and secure such a large system that has an open source style interface for the diversity of connections and clients required? How do you stop hacking on a massive scale?

Would it be practicable for institutions such as banks, police and governments, security and intelligence organisations, tax services etc. to even contemplate using these kinds of services in the near future?

Yet for any such system to be eventually successful will require its “beta” testers and failures. Like any other innovation, for the ideal of a centralised computer network and internet-work of clients and terminals to become a reality, must require its evolution from a clunky half-baked system to a secure and resilient one. And you cannot get from A to Z without the trials and errors.

If the future holds the dream of a centralised computer network that is freely available for all citizens to use as and when required, (without any baggage required), then these may be the first early steps that we see for this computer evolution. However as data storage, PCs and even software prices are presently at an all time low, I fail to see any real benefits from these services. I would still place greater trust in my own system for data storage and applications usage.

Concerning “clouds”, data loses and sidekicks

With outage, Sidekick service loses its footing..
A prolonged outage for users of T-Mobile’s Sidekick device gets even worse as Microsoft’s Danger unit says that their lost Sidekick data may be gone forever
http://news.cnet.com/8301-1035_3-10372974-94.html?tag=nl.e703

Sidekick outage casts cloud over Microsoft..
The massive data failure at Microsoft’s Danger subsidiary threatens to put a dark cloud over the company’s broader “software plus services” strategy.
http://news.cnet.com/8301-13860_3-10372525-56.html?tag=nl.e703

YOUR COMMENT Login or Register to post a comment.

Next entry: Marcelo launches online magazine Frontier Economy

Previous entry: Military Futurism and Coming Climate Wars