Thursday, November 5, 2015

Cloud computing; Threat or Menace?

Back in May The Economist hosted a debate on cloud computing:
Big companies have embraced the cloud more slowly than expected. Some are holding back because of the cost. Others are wary of entrusting sensitive data to another firm’s servers. Should companies be doing most of their computing in the cloud?
It was sponsored by Microsoft, who larded it with typical cloud marketing happy-talk such as:
The Microsoft Cloud creates technology that becomes essential but invisible, to help you build something amazing. Microsoft Azure empowers organizations with the creation of innovative apps. Dynamics CRM helps companies market smarter and more effectively, while Office 365 enables employees to work from virtually anywhere on any device. So whether you need on-demand scalability, real-time data insights, or technology to connect your people, the Microsoft Cloud is designed to empower your business, allowing you to do more and achieve more.
Below the fold, some discussion of actual content.

Arguing "yes" was Simon Crosby, and "no" was Bruce Schneier, who also posted a three part essay on his blog. Crosby's opening statement for the "yes" side starts:
Running a given computing workload in the cloud, rather than on a company’s own information-technology (IT) infrastructure, yields little or no cost advantage today.
Schneier's for the "no" side starts:
The economics of cloud computing are compelling. For companies, the lower operating costs, the lack of capital expenditure, the ability to quickly scale and the ability to outsource maintenance are just some of the benefits.
Schneier ends by saying:
In the future, we will do all our computing in the cloud: both commodity computing and computing that requires personalised expertise. But this future will only come to pass when we manage to create trust in the cloud.
So even Schneier on the "no" side thinks that the cloud is inevitable, but he zeros-in on the key question, why should anyone trust the cloud? He identifies the key areas in which trust is currently lacking:
  • Control: "Cloud computing is cheaper because of economics of scale, and—like any outsourced task—you tend to get what you get." The result is limited scope for customization. And, as Backblaze demonstrates, you don't have to be very big to get most of the economies. And, remember, with cloud services such as Amazon's, you aren't getting all the economies of scale, just the part left over after Amazon's margins.
  • Security: Crosby writes "Today’s IT infrastructure is a Swiss cheese of vulnerable networks, operating systems and applications developed before the internet. It is difficult and expensive to keep running—and easy to penetrate. In 2014 Verizon reported more than 2,100 data breaches." Schneier admits that "For most companies, the cloud provider is likely to have better security than them—by a lot. All but the largest companies benefit from the concentration of security expertise at the cloud provider." But he points out that "a large cloud provider is a juicier target. Whether or not this matters depends on your threat profile. Criminals already steal far more credit-card numbers than they can monetise; they are more likely to go after the smaller, less-defended networks. But a national intelligence agency will prefer the one-stop shop a cloud provider affords. That is why the National Security Agency (NSA) broke into Google’s data centres."
  • Accountability: Schneier calls this area "trust" but I think accountability describes it better. He writes: "I know that, at least in America, [cloud providers] can sell my data at will and disclose it to whomever they want. It can be made public inadvertently by their lax security. My government can get access to it without a warrant." And he points out "Try asking either Amazon Web Services or to see the details of their security arrangements, or even to indemnify you for data breaches on their networks."
Ludwig Siegle, the moderator, summed things up:
Simon Crosby did a great job in explaining the business imperatives for moving into the cloud. Bruce Schneier convincingly laid out the reasons why many firms will take their time to make that step: they do not feel entirely comfortable with living in the computing skies.
He is right. It was a good debate and worth reading, because both sides made good arguments about general business use of the cloud. I'm still strongly of the opinion that, for digital preservation (PDF), the cloud can at most be one component of a hybrid system. I'm sorry it took me so long to get around to blogging abuout it.

1 comment:

David. said...

Ingrid Burrington at The Atlantic has an interesting piece entitled Why Amazon's Data Centers Are Hidden in Spy Country about the concentration of Amazon's data centers around Tyson's Corner.