Cloud Computing: The myths, realities and everything else - Part 2

In the previous post, I tried to clear any confusion regarding the meaning and scope of cloud computing. In this post, I will try to squash some myths promoted by pundits ignorant about cloud computing technology and companies whose core businesses are threatened by the proliferation of cloud computing.

Myth: Cloud computing is not secure

Truth: It is quite wrong. Cloud computing is as secure as the traditional datacenters and desktop PCs. Whether it is desktops in an organization or servers in their datacenters, the data is as secure as their security implementation. If the IT department or system admin fails to be proactive in closing all the security holes including social engineering loopholes, the data in the traditional datacenter will be compromised. If the IT dept. allows the desktop users to install vulnerable software from the web or from physical medium, the PCs will be compromised. It is the same case with cloud computing vendors.

The security of their service depends on how efficient they are in managing it. The very lifeline of cloud computing vendors is the service they offer and, therefore, they will be very efficient in protecting the data on their infrastructure because that is the only way they can protect their own business. No vendor would like to go out of business and hence they will be obsessive about their security. Any generalized argument about the lack of security in the clouds is flawed.

Then, there was a fear inducing meme that talked about how the security attacks like the recent DNS exploit will doom the cloud computing. This is clearly a scare tactic. If you dig a bit deeper, DNS comes into play the very moment you step on to the internet. Any exploit in the DNS systems will affect users in the same way irrespective of whether they are using traditional datacenter based web/app hosting or cloud based services. Such issues are not unique to cloud computing alone.

Myth: There are privacy risks associated with cloud computing

Truth: It is not true either. In the real world, individuals and small businesses face certain privacy risks when they do transactions both online and offline. They share their data, including credit card information, with vendors. They are assured certain of level of privacy by the vendors and there are also some risks associated with the transactions. It is the same in the case of cloud computing too.

There are also some propaganda about government agencies accessing the user’s data stored in the clouds and the associated lack of privacy. It is not unique to cloud computing alone. In the offline world, the government agencies can monitor your banking transactions, library transactions and even your purchases. If you ever use internet, there are risks of government agencies monitoring your usage through the ISP or through any internet gateway. There is always the danger of big brother looking over your shoulder in both offline and online world. The users of cloud computing also face similar risks and it is no different from the privacy risks faced in the real world.

Myth: Cloud Computing is not a proven technology

Truth: Even though we are experiencing a paradigm shift towards cloud computing, it didn’t happen overnight. It is not something that just popped up in front of the user all of a sudden. It evolved slowly over a decade to reach the current level. We have been having applications like email and calendar on the web for a long time. We even had some verticals like payroll processing over the internet for many years now. What we are seeing as cloud computing is the maturation of these technologies coupled with the ubiquitous internet availability through PCs, Laptops and Mobile devices. In spite of what the naysayers would like you to believe, it is a proven technology which evolved over a period of time.

Myth: Cloud Computing may suit individual consumers and small businesses and it will never enter the enterprise market

Truth: Cloud Avenue editor Zoli Erdos has blogged about this sometime back in his personal blog. Reports indicate that by 2012, at least 80% of big enterprises will spend their budget on some cloud based services. Also, according to a Gartner report, the enterprise email through cloud computing will jump from 1% in 2007 to 20% in 2012. Big enterprises are not embracing cloud computing overnight due to strategic reasons and their past investments in the traditional IT infrastructure. As the cloud technologies mature, enterprises will slowly but steadily move to cloud computing.

Myth: SaaS will never happen and traditional software will not go away

Truth: SaaS is happening. It is not a matured technology as desktop software but it is going there. It is just a matter of time before SaaS takes over completely. Saying SaaS will never happen is like getting into a Los Angeles – Newyork flight in LA and immediately claiming that the plane will not go to Newyork. We should have patience to allow the flight to travel the distance. It is the same case with SaaS. It has just taken off and it will be sometime before it matures to become an all pervasive technology like desktop computing. Having said that, traditional desktop software may not (and, in a way, need not) go away. Let us take the case of transition from the postal mail to email. Even in this era of facebooks and twitters, we still use postal mail for some of our mailing needs. Even though these internet based technologies had made postal mail almost irrelevant, it is not dead yet. It may not even go away completely. We are going to see a similar scenario in our transition from desktop software to cloud computing. Slowly, but steadily, desktop software will become irrelevant but we will still be using them for certain tasks. Just the very existence of traditional software in the fringes of computing doesn’t take away the importance of SaaS.

Myth: Cloud Computing = SaaS

Truth: As I explained in the first post of this series, cloud computing includes SaaS, PaaS and Infrastructure as a service. SaaS is just part of the cloud computing ecosystem.

Myth: Cloud computing is nothing but ASP and Client–Server architecture of the past

Truth: I have already posted about this topic in my personal blog. I won’t repeat the same arguments here. As I have pointed out earlier in this post, cloud computing didn’t happen overnight. It was a slow evolution from its various predecessors like ASP, Client-Server architecture, etc. With the ubiquity of internet and maturation of hardware and network technologies, we could have a highly scalable technology like cloud computing now. We couldn’t have had cloud computing in the era of ASP or Client-Server architecture just for this reason alone. We didn’t have the technology then. It might have had its roots in the technologies of the past but they are clearly not the same.

Myth: We can only trust big players and not smaller ones and startups

Truth: It is not true. In the past few months, we have seen downtimes with big players like Google and Amazon while many smaller players have stayed stable. While big players offer the confidence about the longevity of their business, it need not be the case. When Microsoft was trying hard to consume Yahoo, there were worries about the longevity of services like Flickr and Delicious. The users were worried that Microsoft may shut down these services in favor of their own products in their domain. On the other hand, when Google bought Youtube, they were allowed to keep their brand, employees and, even, office location and Google Video is slowly moving to oblivion. It is just not true that big is better in cloud computing.

I think I have covered some of the myths floating around the web regarding cloud computing. If you know of any myths or if you want to discuss more about the myths surrounding cloud computing, feel free to share your thoughts below.

You give security short-shrift and don't really provide solid reasoning why its a myth. For good reason - it isn't a myth. Cloud Computing does offer security risks. The fact that the alternatives offer risks too does not diminish this fact. The way to address this is not to dismiss the risks, but to note that Cloud Computing risks are different than "on-site software" risks. These risks have different impacts on consumers, small businesses, and large enterprises. In order to move past Gartner's "Peak of Inflated Expectations" and "Trough of DisIllusionment" to the "Slope of Elightenment" (http://www.techcrunch.com/2008/08/18/where-are-we-in-the-hype-cycle/) we need to carefully assess those risks and find ways to address the risks that are appropriate for the different types of customers. I look forward to that conversation taking place here over the upcoming years.

My impression about cloud computing is that it will be slow to the end user. Reasons - 1. All the computing happens at server end while the user interface is at the client end. So vast amount of data need to move to and fro. So the speed is not only constrained by Processor speed and memory but also by internet speed too. 2. I come from India where the Broadband penetration and speed is abysmal. 3. I have used zoho and google docs for office productivity but I don't get the same experience that I get from Desktop Softwares. Another impression is that - My data is not fully under my control. Reasons - 1. As a Business my competitor can easily view my data. all he needs is my user name and password. My employee who is given the authority of user id and password can easily share it with his friend in competitor's firm. 2. The firm providing cloud computing services may delete my data. I heard so many such cases in Web hosting centres.

mr.paul, thanks for your response. I didn't argue that security threats in cloud computing is a myth. I only refuted the argument that cloud computing is insecure compared to traditional methods. I think I have made my argument clear on this by showing that the threats in cloud computing is no different from the traditional methods used now. Similar to the security policies we develop for protection in the traditional network, we have to spend out resources developing proper security policies while using the clouds. I am not arguing that cloud is the safe bet. I am just saying that the security in the cloud is as good/bad as the current models. I think my next post highlights the same thing.

keshavaram, regarding the next part of your argument, I beg to differ. Here are my reasons. 1) Your data is not in my control argument is similar to the arguments made by users in Indian industries when they moved from bulky paper archives to desktop. This is a paradigm shift. You lose control of your data within your firewall to get an ubiquitous availability of data wherever you go. This is just a mental block than a real issue. You need to develop a trust based relationship with the cloud vendor to get the advantages of cloud computing. It is like having a mental block to use credit card online. I know of many people who would want to pay with only cash and don't want to use credit card online. Well, the net result is that they have to do extra work to get things done (like going to a shop that offers what they need and paying with cash). 2) If an employee is hell bent upon stealing your data, he/she can use a physical medium like USB drive or CD to steal it if you are using Desktop computers. He/she can photocopy the documents and steal (even worse, just write it down and take it) if you are still struck in the very old fashioned pen and paper format. It is my point of this post. I wanted to dispel the same myths which you are believing. There is no way it is unique to cloud computing alone. It is the threat we face even if we are struck in the stone age of paper based document storage.

Hi Krishnan, Cloud computing has more security risks than traditional web hosting. In cloud computing, multiple users share the resources. If one user's application has a security vulnerability, then the data of all the users sharing the same resources can potentially be compromised. So the users should take this in to account while designing their application for cloud computing/hosting, which would not be the case if they are hosting the applications by themselves. And also the cloud vendors should sandbox users' applications and resources from each other. So both cloud vendors and cloud users have to take additional steps to secure their resources. Shankar

I disagree with this. As far as I know, I haven't come across a case like what you are mentioning here. Can you back up your claim with specific example (link to the news item covering such an issue will be better)? I have used many cloud platform with multi-tenancy and I never came across a situation like what you are mentioning here. If you can show me an incident like that, I will be able to offer a more specific insight into what has happened.

I dont know if such a news item came out, but I deal with such risk assessments everyday. Unfortunately I cannot talk about it here because it is my "employer confidential". I can say confidently that cloud computing is undergoing a lot of scrutiny from the security professionals (not only in my company, but everywhere too) precisely because of the concern I have raised. Please note that I'm not saying that "cloud computing is insecure". That statement is indeed a myth, but cloud computing does require a higher level of scrutiny/risk assessment and mitigation techniques than normal single-app hosting because of sharing of resources.

Post Comment

User Name *

Use My Zoho Credentials...

E-mail ID

Website URL

Comment *

Cloud Computing: The myths, realities and everything else - Part 2

Related articles:

Post Comment