The term “cloud computing” took the information technology sector by storm in 2008. While that activity won’t likely be dying down anytime soon in 2009, a clearer picture of the possibilities and pitfalls of cloud computing is beginning to emerge.
Last year saw a flurry of announcements from major vendors about their cloud computing solutions such as Microsoft with Azure and, more recently, IBM with Blue Cloud.
Microsoft (NASDAQ: MSFT) unveiled Azure at its Professional Developers Conference in Los Angeles late last year. Since then, tens of thousands of developers have been able to play around with the beta version available as part of Microsoft’s beta testing program. Microsoft so firmly believes in cloud computing that Mark Ralph, vice-president, developer and platform group, Microsoft Canada, says Microsoft believes it will change the way software is built.
“The core concept of Azure is it’s the operating system for the cloud,” says Ralph. “That sets it apart from other parts of cloud computing.”
Internet companies such as Amazon with Amazon Web Services, and cloud computing projects from Yahoo and Google, have also made headlines. Amazon offers a host of Web services that allow users to purchase space in the cloud for storage and computing requirements, such as querying data in a scalable and cost effective fashion.
To date, Amazon has had a lot of success with its cloud computing model, according to Info-Tech Research analyst John Sloan. One of the reasons, Sloan says, is that Amazon already had the infrastructure to support cloud computing in place and just built virtual machines on top of that.
“With the traditional hosting model, you buy a whole bunch of hardware that gets hosted with a service provider,” explains Sloan. “The cloud approach is that you buy processing cycles that you actually use. It has created a much lower cost point of using these cloud services to host apps or do storage.”
A cloud by any other name
While cloud computing has received a lot of attention, there’s still a lot of fog surrounding its definition. Amidst all of the hullaballoo that vendors have espoused on the topic, it seems the industry is no closer to a clear consensus on what it exactly means.
That said, the basic concept of the cloud is that it performs the same functions as a piece of hardware, such as a personal desktop computer, server or mobile device, only the information being processed is in a virtual space on the Internet. This idea is similar to other computing buzz words in the last decade or so, such as Software as a Service (SaaS) or, in this case, what the industry has dubbed, HaaS, short for Hardware as a Service, virtualization and utility computing all rolled into one ball.
Once businesses can get their heads around what computing in the cloud means (or as close to that as possible) the usual red flags for any IT purchase decision around cost, reliability, and privacy and security are raised. In an industry that in many cases is fraught with technology first and security as an afterthought, vendors selling to businesses need to ensure that their cloud-based solutions are secure.
The topic of privacy and security in cloud computing came up in a recent report from the Ontario Information and Privacy Commissioner, Ann Cavoukian, called, “Privacy in the Clouds.” Along with the benefits of cloud computing such as flexibility, reliability and enhanced collaboration, Cavoukian cites several privacy and security concerns.
How do you secure a cloud?
The first is physical access. With traditional computing setups, it’s possible to prevent unwanted users from accessing the hardware by physically restricting it. Access was also controlled through user names and passwords. With the cloud, however, additional security requirements need to be taken into consideration, according to Cavoukian. These include identity services that are independent of single devices, single sign on to a multitude of Web services and federated identity management.
In a business setting, organizations also have a responsibility not only to their employees, but also to their shareholders and the public in general in terms of their reputation. So the question becomes why should businesses invest in cloud computing when there are inherent issues surrounding its security, as the Commissioner points out.
Security issues, however, shouldn’t be a barrier for businesses wanting to move some of their applications out into cyberspace. Companies such as Websense are quick to say that along with the numerous benefits of the model, such as reducing infrastructure costs and improving efficiency, there is also risk associated with protecting data.
“Data security is a big issue,” says Fiaaz Walji, Canadian country manager for Websense. “The challenge in cloud computing is simple: data is at risk when it’s stored in the cloud on someone else’s hardware and in disparate locations. In such an environment, it’s difficult to make sure data is absolutely secure.”
Walji went on to say that the data is also at risk to cybercriminals – something that businesses wouldn’t have had to think as much with traditional hosting environments. In this case, the cloud may be used to send spam or to launch more sophisticated attacks, including hosting malicious code for downloads, uploading stats, and testing malicious code, Walji says.
“As spammers follow enterprises in migrating to the cloud, their transition could make it very difficult to block or shut them down because cloud service providers are considered trusted providers,” Walji says.
But the Web doesn’t need to be the enemy says Shan McArthur, vice-president, technology and senior architect of ADXStudio CMS, a Web content management system built on Microsoft .Net 3.5. Based in Regina, the independent software vendor is a Microsoft Gold Certified Partner and has built a cloud-based version of its flagship CMS product based on Microsoft’s Azure platform.
“The nice thing about the Web is that it’s taught us a lot about security,” says McArthur, who has his own blog tracking ADXStudio’s foray into cloud computing with Microsoft’s Azure.
Compared to a traditional hosting model, McArthur says the cloud is secure as long as the company provides the access to its resources on the Internet securely and reliably.
Lines of accountability
On the other hand, Info-Tech Research’s Sloan argues that it was easier to be compliant in terms of security and regulation under the traditional hosting model.
“Before you could say this is the hardware that we own or the hardware that we pay for or this is where the data is sitting. You own that box and you own the data that’s on it,” says Sloan. “With the cloud, you get this issue of multi-tenancy. Multiple owners own processes and own data that’s on this cloud.
“From an accountability point of view, you can’t draw a direct line to say ‘this is where our stuff is.’ Part of the cost of traditional infrastructure hosting companies is being able to create that auditable line to where your stuff is and ensuring there’s a level of recoverability for hardware.”
ADXStudio’s McArthur, however, says he has absolute confidence in the cloud solution. So much so that ADXStudio will have moved his blog site to the Windows Azure platform, along with the company’s corporate site, by mid-February. He added that the company also has plans to host its new community site for developers in Azure.
“I’m confident enough with Azure to put our own critical Web properties on the platform,” he says. “From a performance perspective, I have found a single instance of Azure to be as fast as a modern high end desktop, so I’m pretty confident that we can scale to very large scale by adding multiple instances in Azure.”
While early adopters such as ADXStudio are embracing the cloud, Websense’s Walji says many enterprise adopters of the technology will use it for low-risk applications or for trial and peripheral projects where it makes more sense to rent someone else’s infrastructure than maintain their own.
“I would suggest that organizations not put applications that are mission-critical or hold sensitive data in the cloud,” he says. “Additionally, many early adopters using the cloud today are start-ups and small businesses looking for a quick, easy way to ramp up infrastructure.”
As businesses start to experiment with the cloud in 2009, maybe its definition will start to emerge from the foggy definition it has to date.