| Cloud Computing – Up in the Air? |
|
|
|
bridges vol. 25, April 2010 / Feature Article By Mathias Höbinger mp3 download
This number becomes a little more surprising, however, when compared with the percentage of people already using cloud computing in one form or another. The same study quoted above found that 84% of Americans are using online email, 57% store or share information through a social media site, and 33% are already storing their photos online. And while these and countless other applications utilizing the so-called cloud already influence the way in which individuals use their computers in a significant way, an even larger revolution based on the same underlying principle is underway in the world of business computing.
The definition According to the US National Institute of Standards and Technology (NIST), cloud computing is defined as follows : "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service-provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models."
The essential characteristics of a "cloud" according to the NIST definition basically consist of a set of conditions that a service or an application must fulfill to be part of cloud computing. These concern broadband accessibility; the ability to provision, manage, and scale the required services quickly without human interaction with the provider; and, as an important part of the definition, pooling the resources of the provider to serve multiple customers. The latter is important because it leads to one of the biggest benefits of cloud computing: higher efficiency. The service models describe the three ways in which users and businesses can use a provider's cloud infrastructure. In the first and most widely known model, "Software as a Service" (SaaS) customers use specific software running on remote servers, mostly using their web browser - social networks are a common example. While SaaS offers applications for end users, the second model, "Platform as a Service" (PaaS), offers a development platform for developers. With the third option "Infrastructure as a Service" (IaaS), the provider offers only his infrastructure and the customer deploys and runs arbitrary software - including operating systems and applications. Finally, the customer's decision as to which deployment model of cloud computing to use depends largely on the sensitivity of the data in question and the size of the company. While large organizations dealing with highly sensitive information might decide to use a Private Cloud operated solely for their own purposes, groups of organizations who share concerns such as security or compliance considerations (e.g., all members of the health-care community of a country) could rely on a Community Cloud. And then there are the large clouds called Public Clouds that are used by the general public and usually owned by a provider of cloud services, as well as cases of several clouds of different types bound together for specific purposes (Hybrid Clouds).
What is cloud computing good for? Stories of how the innovative new SaaS applications and services considered part of the Web 2.0 phenomenon affect and enrich our societies have filled the pages of magazines and blogs (well, another example right there) for years, and any attempt to discuss or categorize them in a meaningful way would probably fill a book. Instead, let's take a look at the benefits of the other two service models (PaaS and IaaS) for businesses and government organizations. 1. Flexibility and Scalability: Imagine a small business, let's say an event management office, which has just acquired a major contract, an event 10 times bigger than everything it has organized before. Its employees are well trained and have worked with their current IT system for years, but their hardware is simply not powerful enough to handle the amount of user information. In addition, the new contractor is very concerned about the security of its customer data. One might suggest it's time for some new servers, but what if the company holding the large event is a flash in the pan? Overdimensioned IT systems are a very common unnecessary cost factor - in fact, most of the traditional servers in US businesses run at around 15% capacity . Now let's assume the company's server was a virtual machine running in some huge IaaS provider's cloud. Its computing power, storage capacity, and memory could be increased ten-fold with a mouse click in seconds, without even calling a sales representative. And it could be scaled back just as fast, with no fees or questions asked. 2. Increased Security: To accomplish this by storing all the data "in the Internet" may seem counterintuitive to those who have experienced online credit card fraud or other forms of cybercriminality. Yet most people nowadays would generally agree that it is good policy for a business to trust a bank with storing its cash receipts instead of keeping them in a safe inside their own shops or offices; they usually assume that the bank has far superior security systems and expertise, simply because that is an important part of its business. Assuming you find a cloud service provider you trust (which is, for now, a big assumption), the argument for storing your data on their servers is simple: Stealing data from a server in your office is usually not more difficult than opening a safe. And even if you don't believe someone would physically try to steal your equipment, are you really sure that your local "IT guy" knows more about cybersecurity than the scores of Ph.D.s working on that issue at Google or amazon? People like Sun Microsystems' CTO Greg Papadopoulos envision a future in which companies will trust service providers with their data just as they now trust banks with their money. 3. Anywhere, Anytime: Sure, remotely logging into a company server has been possible for quite a while now. But doing it at an acceptable speed, without lags and waiting times, requires a very expensive IT system and high-end Internet connections for the servers. When using a cloud-based system, it makes no difference at all if you work from your office or the other side of the world - all you need is decent Internet access. Companies usually don't have maintenance outages and are available 24/7 without increasing your utility bills. Another factor, which has become increasingly important with the advent of more and more capable smart phones, is mobile accessibility. Several large providers are currently working on solutions for viewing, editing, and commenting on all kinds of documents from phones or other small mobile devices. 4. Efficiency Benefits alone would provide enough reason to shift corporate computing to the cloud, even without considering any of the other advantages - and in fact, efficiency is the predominant reason for most businesses that have chosen to make this shift during the last few years. This is achieved in two ways, the first one being the pure technical advantage of large data centers. Although the construction and maintenance of these facilities provide challenges to the surrounding infrastructure, as they require huge amounts of reliable energy and cooling water sources, their scale allows for far more efficient operation of computers than any small- or medium-sized business could ever provide. Cooling with water from local rivers instead of air cooling with fans alone saves huge amounts of energy. Secondly, cloud servers can operate at far higher average utilization rates. Unlike small businesses, which usually have their servers on at all times regardless of their workload, cloud operators can keep just enough servers running to handle the current load and turn additional units on and off within seconds. Last year Google provided a rare view into one of its centers and revealed that the actual servers are housed in shipping containers inside the buildings. This way the company can even react to local events like changing energy prices by geographically relocating computing capacity. Papadopulous expects a "neutron star collapse of data centers," meaning that at some juncture it won't make sense for businesses to build their own data centers. SaaS products usually have the additional cost-efficiency advantage that almost all the installation and maintenance costs, amounting to around 80% of enterprise software expenditure according to a 2008 talk by Microsoft Vice President Ron Markezich at the Booz Allen Cloud Computing Summit 2008, can be avoided because no software has to be installed locally. Challenges ahead
While there are many indicators for continuing success of the cloud revolution, the concept is still very much under development and a number of difficult questions remain to be answered regarding issues like privacy or liability in case of data loss, which are especially complex because most of the clouds extend over many different countries with just as many legal systems. Some of the core challenges to the success of cloud computing are: 1. Security: Although large cloud providers generally employ a much higher level of sophistication in their security efforts than IT departments of regular businesses, as pointed out earlier, a number of security-related issues still keep many excecutives from trusting cloud providers with their most sensitive data. First, larger data centers inherently mean larger targets for cybercriminals. And as even the best countermeasures can't be 100 percent secure, providers call for adjustments in the criminal law of the US and other nations. "We believe Congress needs to increase the level of fines levied against hacking into a data center," said Brad Smith, senior vice president and general counsel of Microsoft, at a panel discussion at the Brookings Institution in January 2010. "Right now the level is the same as for hacking into an individual PC, even though the scale couldn't be more different." A second security-related issue for cloud operators is the regulations and laws defining who can access data stored in a local data center under what circumstances - which differ vastly from country to country. "A decision to comply with a lawful demand for user data in one jurisdiction can place a provider at risk of violating a law somewhere else," Smith says. "This is creating a Catch-22 situation for the cloud" - and uncertainty for the customer. In the long term he is calling for "a new treaty or similar international agreement" to resolve this issue. Existing agreements, like the US-EU Safe Harbor , date back to a pre-cloud computing time and are not wide-ranging enough. Recent incidents of possibly state-sponsored hacking attacks on Google in China, and the subsequent acknowledgment by its board about working with the National Security Agency on that subject, has ensured that the discussions won't cease anytime soon. 2. Privacy: While the aforementioned security issues generally assume that the cloud provider is trying to protect user data, many end users of SaaS services have a different problem - they don't even trust the providers to handle their data properly. Recurring headlines about the way providers of big social networking sites use, and even sell, private user information have led many customers to feel uneasy about putting pictures of their last night out or maybe even more sensitive information in any cloud-based application. Comments that privacy is "no longer a social norm " by facebook founder Marc Zuckerberg or "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place " by Google CEO Eric Schmidt don't help. This is an issue which can probably only be resolved by the providers themselves, by providing "in plain language, how their information will be accessed and used by service providers so consumers know what they can do and know whether and how they can reclaim their documents and data in the future." (Smith) 3. Inherent Challenges: Because the cloud infrastructure is still in its very early stages, there are still many different possibilities for what our computing infrastructure may look like 10 years from now, and some are more desirable than others, according to Michael Nelson, a visiting professor at Georgetown University and chairman of the Technology Section of AAAS. "If we don't do the right things in the next two or three years, we're going to see the cloud become something that is controlled by just two or three companies," he cautions, comparing the development of cloud computing with that of the TCP/IP network standard and later the web, which were both based on open and accessible standards. He demands similar standards for the cloud, so that users are "able to take something from one piece of the cloud run by one company, and combine it with data and applications in another, and combine that and maybe store the results in a third piece of the cloud," without being locked into the solution of a single company. The Role of Governments During the last few decades, many new technologies, like the Internet and email, were developed with direct government involvement. A government that decides to trust a new technology enough to use it with its sensitive data sends a strong signal of confidence to the general market. Thus, governments around the world play an important role in shaping the future of cloud computing as well as their people's perception and acceptance of this technology. United States The Obama administration has embraced cloud computing from the very beginning, as a way of making governmental IT more more cost- and energy-effective. Shortly after his inauguration, the President appointed Vivek Kundra , a former District of Columbia official responsible for shifting the US Capital's IT to the cloud, to be the first chief information officer of the United States. Kundra presented the US administration's cloud computing plans and the first major milestone of the government's efforts at an event at NASA's Ames Research Center in mid-December. As a major proponent of the use of these new techniques in government agencies, he had some quite impressive numbers to support his points: The federal government currently runs somewhere around 10,700 different IT systems, which have doubled their energy consumption between 2000 and 2006. Said Kundra: "We can't continue on this trajectory." When the Transportation Security Administration discussed adding a simple blog to its web site last year, the cost estimate for the required security certifications, the needed equipment, and the implementation was $600,000 dollars - while at the same time, end users can get blogs free of cost. Of last year's $76 billion federal IT budget, $23 billion were spent on infrastructure. The administration's cloud computing strategy consists of three major points:
1. Simplifying the Acquisition of Cloud Computing Solutions: The General Services Administration (GSA) launched Apps.Gov last December as a "storefront" for the CIO's of the different agencies to purchase cloud computing applications that have already been certified and approved by the GSA. It is easy to use and works like many popular online stores where users can purchase products with a few clicks. Kundra: "[We want to make it] easy for the industry that has innovated, and has addressed some of the security issues that the federal government faces, to get on the storefront, on Apps.Gov, and make it even easier on the federal side, for CIO's that want to lead, [...] to go forward and procure some of the solutions here." 2. Budgeting: The budget for the fiscal year 2010 has recognized cloud computing as a priority and adds funding for a number of pilot projects. "The pilots will test a variety of services and delivery modes, provisioning approaches, options, and opportunities that cloud computing brings to Federal Government." [Budget FY2010, Crosscutting Programs, p.158 ]. These will be funded from the E-Government Fund which was alotted $35 million for this fiscal year. In a recent interview with "Federal News Radio," Kundra mentioned the payment portal of the Treasury Department as an example for such a pilot project. In the budget fot fiscal year 2011, the administration writes that: "[A]fter evaluation in 2010, agencies will deploy cloud computing solutions across the Government to improve the delivery of IT services" and that "adoption of a cloud computing model is a major part of the strategy to achieve efficient and effective IT services." [Budget FY2011, Analytical Perspectives, p.323 ]. It is therefore reasonable to assume that funding for the E-Government fund will be significantly increased by Congress. 3. Policy Planning and Architecture: An important issue among the many policy initiatives is the effort to challenge the private sector to address the government's security requirements so that companies can get "Central Certification" allowing them to offer services to many different agencies. Google has already announced its intention to create a special "government cloud" housed in its existing data centers, but fulfilling additional requirements such as: a. guaranteeing that the data will geographically reside in the United States, andOther issues involve defining a target architecture as a blueprint for the implementations in the different agencies and updating the federal security and privacy regulations to fit into the new cloud infrastructure. Kundra acknowledged that there will always be systems where "the government must run, own, and operate that infrastructure because they're sensitive when it comes to national security or other sensitive information." In the long term, there could be a government-owned cloud, and Apps.Gov already has a section called "Cloud IT Services" offering virtual machines, web hosting, and cloud storage - but so far there is a big "Coming Soon" badge over the links to these services. The European Union 
Cover of "The Future of Cloud Computing", a report of an EU expert group.
Andrea di Maio , an analyst for Gartner, Inc. , a US technology advisory company, sees the recent adoption by the European Commission of a legislative package "proposing the setting up of an Agency for the long‑term operational management of the Schengen Information System (SIS II), Visa Information System (VIS), EURODAC, and other large-scale IT systems in the areas of freedom, security, and justice" as a development that goes in the direction of a private cloud for EU IT applications. The agency is scheduled to be operational by 2012 and "will have the potential to be entrusted with the development of new IT systems" in these areas. According to Di Maio , this bundling of the operational management of some of the major existing European IT systems shared by many EU member states, along with the stated objective of adding additional ones in the future, could suggest planning for some form of European cloud infrastructure. Outlook As stated before, cloud computing in its current sense is still quite a recent development, and there are a number of uncertainties regarding its further evolution. Michael Nelson predicts that by 2020, 80% of the worldwide computing could be done in some form of cloud, and Greg Papadopoulos thinks computing in the future will be done in a grid of a half dozen very large cloud infrastructure providers and a hundred or so regional providers. Amazon's CTO Werner Vogels sees the major change for businesses in IT becoming a variable cost instead of a fixed cost when his company's "pay for what you use" principle will have prevailed on the market. Which predictions will become reality is very hard to know, most experts agree on this. But one reality is clear: Cloud computing has become far too large a step towards more efficient and convenient use of infrastructure to be ignored.
***
The author, Mathias Höbinger, is currently a research assistant in the field of geometry at the Vienna University of Technology.Sources :
NIST Definition of Cloud Computing v15 , NIST, link:
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26 , NIST, link: http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt The Atlantic, State of the Union for Technology, The Columbus Club @ Union Station, February 23, 2010 Brad Smith and Michael Nelson Quotes: The Brookings Institution, Cloud Computing for Business and Society, panel January 20, 2010, link: http://www.brookings.edu/events/2010/0120_cloud_computing.aspx Vivek Kundra Quotes: Administration Cloud Computing Announcement, NASA Ames Research Center, link: http://www.youtube.com/user/NASAtelevision#p/search/0/eND7hT8JdwA Online Exposure, Offline Uncertainty White Paper, Penn, Schoen & Berland Associates and The Chertoff Group, link: http://www.psbresearch.com/files/Online%20Exposure, %20Offline%20Uncertainty%20White%20Paper%2010-22-09.pdf |
|||||||||||||||||||||||
