Everywhere you look, the phrase of the last few years has been Cloud computing. When the term first started to be used it was meant to describe a change to the way we would do computing. In many ways it is an amalgamation and next generation of several technologies – outsourcing, utility based computing, grid computing, client-server and server hosting. Wikipedia describes Cloud computing as:
“Cloud computing refers to the use and access of multiple server-based computational resources via a digital network (WAN, Internet connection using the World Wide Web, etc.). Cloud users may access the server resources using a computer, netbook, pad computer, smart phone, or other device. In cloud computing, applications are provided and managed by the cloud server and data is also stored remotely in the cloud configuration. Users do not download and install applications on their own device or computer; all processing and storage is maintained by the cloud server. The on-line services may be offered from a cloud provider or by a private organization”
There are other definitions but this one is good enough.
In the early days of describing the technology, Cloud computing was as good a phrase as any but as we have begun to closely define the technologies that make up Cloud computing, the overuse of the phrase is causing confusion.
Part of the problem, according to Ditlev Bredahl, CEO, OnApp is the maturity of the market around Cloud. “In the US, the use of the word Cloud is generally accepted as good enough to describe all the services that make up Cloud but in Europe we find that people see this generalisation as being too leading edge. Instead, they want to talk about Virtual Servers and the different parts of the technology involved in Cloud computing.”
But this is more than just a difference of opinion between the US and Europe. Let’s take a look at security. Nobody would say that all IT is insecure. Instead, the conversation would be technology focused and talk about the need for encryption of USB devices, more secure passwords, the use of biometrics for logging in, the need for secure code to protect applications that are no longer running inside the firewall as well as the need to encrypt data both at rest and in transit.
Yet when we talk about Cloud computing there appears to be a significant body of journalists, analysts and even IT vendors will to make sweeping statements about Cloud computing being insecure. Is it running applications or storing data that is insecure? Is it the connections between the user and where the applications or data are hosted? Perhaps this just be a case of people jumping on bandwagons or a desperate attempt to create a new market for existing products.
Bredahl is convinced that the current wave of statements about Cloud security is more about job creation than fact. “From my perspective, the whole security in the Cloud is a scam to be honest. There was a whole generation of people in 2000 who had a lot of fun with Y2K and security. Now they are back and talking about Cloud. We focus on Infrastructure as a Service and there is nothing making IaaS more insecure than any other way that infrastructure is deployed.”
This is not to say that there aren’t problems with the use of Cloud but we need to look at who is buying into it and who is selling it. For example, the SME market is a huge adopter of Cloud services, especially where it takes away all of their local IT infrastructure. Yet few of these companies do any real due diligence over where their data is stored.
Over the last two years we have repeatedly seen large companies admit that your data, even when stored in localised datacentres, is not safe from extraterritorial legislation such as the US Patriot Act. Despite denying that it would hand over European data stored in European datacentres to the US Govt on demand, Microsoft is the latest company to formally admit it has no option. This means that many companies using Microsoft’s European datacentres to store personal data could be open to a breach of European data protection law.
For many multinational organisations, their Cloud infrastructure is a highly virtualised version of their existing datacentre which is then outsourced. This doesn’t mean that anything is going to be moved off site it just means that someone like HP or IBM comes in and takes over the running and maintenance of the existing facility.
If we are to make Cloud computing a properly understood, secure and cheaper alternative to localised datacentres we need to get specific. Rather than talk about Cloud in the abstract, let’s have those conversations about the various services that underpin the greater goal of Cloud computing. Infrastructure as a Service, Software as a Service, Storage as a Service, Software Testing as a Service, Platform as a Service, Desktop as a Service – these are the best defined of those service layers and they build together to provide Cloud based solutions.
The next time you get involved in a conversation with someone going on about Cloud computing and its ability to solve the mysteries of the universe or being the weak link in your IT strategy, ask them exactly what they mean. Ask for their definition of what Cloud is and how it applies to your IT, your organisation and what benefits it can be proven to deliver. Insist on specifics about the technology and how your existing systems will be migrated.
If all they do is carry on with a sales pitch with no detail, this should tell you everything you need to know about their pitch.