Clouds

This past Thursday I attended Fujitsu’s third annual Cloud Computing Symposium in Sunnyvale. It was an excellent program, with a succession of interesting panel discussions.

With cloud computing, you exchange applications and data on your own machine for applications and data somewhere out on the Internet. Gmail, for example, is a cloud-based application: all the data is up on the Net, and you can access it from anywhere.

The Cloud is hot. The Cloud is the new black. The Cloud is where you should invest. The Cloud will spark the next bull market in technology. Well, maybe. There’s certainly a lot of momentum and media attention – not to mention money – behind the Cloud.

And at first glance, you’d be crazy not to use the cloud. Your data is available from any Internet connection, be it in San Francisco or Timbuktu. No more worrying about upgrading applications, replacing a crashed disk, or backing up your data – all those niggling things that you’re not very good at. No more having to lug around a traditional laptop with a large disk. Heck, you can get to the cloud from your iPhone.

The economic advantages are even greater for businesses. Running a data center is a huge capital expense – construction, power, HVAC, all the servers, network hardware & cabling – as much as 40-70% of non-personnel expenditures. For a startup company these expenses can be overwhelming, and it’s all up front, before any revenue comes in the door. But if you use the Cloud, you simply rent your computers & applications (using operating expenses instead of capital expenses) and you’re ready to go almost immediately.

Viewed from a security standpoint, however, you’d be crazy to use the cloud. You are trusting that your vendor will keep your data private, both from themselves and from third parties. You are trusting that they make backups of your data. You are trusting that they have the wherewithal to maintain high uptimes. On Wednesday 10 June a lightning strike damaged an Amazon data center and many customers were offline for six hours. Vendors aren’t necessarily liable for these outages: many cloud vendors do not offer guarantees, or ask you to pay extra for “geographic redundancy.”

When a potential customer is leery of the cloud because of security concerns, a vendor will typically reply “are the data any more secure at your own site? The largest threat to any organization is from insiders.” I’m willing to acknowledge that, but moving to the cloud can’t be just that simple, or everyone would already be doing it. It’s a complex process.

There are legal ramifications of the cloud as well: whereas data in your possession can only be obtained by a search warrant, data in the cloud need only be subpoenaed – and sometimes the Cloud Powers that Be simply hand over data to the government upon request. And if the cloud is physically located outside the country, all bets are off. How do you know whether someone on the cloud is looking at your data? What if your trade secrets are leaked? Encryption is certainly part of the ultimate solution, perhaps in a way where data are only visible unencrypted at the customer’s site. This is an area of much research.

Despite the hype, cloud computing is still a small percentage of the industry, about 2% of the U.S. infrastructure according to one estimate. But in two or three years, that number will undoubtedly be much higher.

Welcome to the Cloud.