Last week saw the emergence of some news that got the usual critics of cloud computing ecstatic about another chance to call bluff on anything cloud. The first one was an extended outage of the bitbucket service hosted on Amazon EC2 and the other one is the lost data on T-Mobile sidekick. We could make a case to dissociate the Microsoft Danger problem in the T-Mobile Sidewiki episode from Cloud Computing but it will be more of an academic interest. As far as T-Mobile sidewiki customers are concerned, they are accessing the data stored somewhere in the internet using their mobile device which is what users have come to expect from cloud computing too. Leaving aside these academic discussions for ego-sessions on Twitter and elsewhere, let us take a realistic look at what is happening in the cloud marketplace and see if we can come up with strategies to improve the trust factor in cloud computing. BTW Amazon, it appears EC2 is still vulnerable to UDP flood attacks (at least at the time when that blog post went live).
While arguing about certain advantage enjoyed by private clouds over the public clouds, Lori MacVittie also points out to the bitbucket incident and argues that private clouds offers better control over the operations than the public clouds and hence a better chance to identify any inefficiency in the process. In short, Lori attributes the lack of visibility due to the outsourcing of cloud operation as a major reason for missing any operational inefficiency. Without being religious about whether private clouds are actually clouds or just virtualization with an management layer on top of it, I agree with Lori’s argument about the lack of transparency in the public clouds. In fact, when we evangelize about cloud computing, we do highlight the fact that we give up some control to reap the benefits of cloud advantages including its low cost. Quoting Gartner’s article about the factors that inhibit the adoption of cloud computing, Ismael Ghalimi also advocates the use of private clouds.
Well, the point of this post is not to advocate the use of private clouds. As I have told many times here at Cloud Ave, I see private clouds as an intermediate step before enterprises jump into public clouds for most (if not all) of their workloads. I am pretty sure that economics will take care of that once the public clouds mature in terms of technology and security. The motivation behind this post is to highlight certain strategies that are essential for the very success of public clouds in the long term. More specifically, I am going to continue with Lori’s take about the lack of visibility in the public clouds and argue that the cloud customers should take the responsibility in their own hands and demand transparency from the cloud vendors.
Even though most of the cloud vendors are innovative in adopting a new technology in their business, they still conduct their business in an old fashioned way, without any transparency. In this era, when even the government has opened up and become somewhat transparent, the private sector is still secretive in the way they conduct business. Some of the vendors are not as forthcoming as others. The bitbucket outage exposes the lack of transparency in the case of Amazon Web Services. In fact, many of the cloud vendors think that putting some green and red dots in a dashboard is transparency. It is time for the vendors to understand that the customers need more than the green and red dots. They need a throat to choke and a detailed and real time information on what is happening with their service (especially, when there is something wrong). In short, what they need is a complete transparency.
I do agree that it is ridiculous for anyone to expect the cloud vendors to openly talk about their network topology or put their encryption key in a public website. However, it is reasonable to expect that they give some information about their architecture, backup policies, security policies, etc.. It is also very reasonable to expect them to have a direct line of communication with their clients during outages and, also, inform them in real time about what is going on and how they are dealing with it.
Unless the customers of cloud computing demand in a single voice, the vendors have no motivation to be transparent about the outages and any security gaffes. The sad fact of this story is that most of the customers of cloud computing do not care about what is happening inside the cloud services they are subscribed to. They consider cloud computing to be a way to outsource IT and are confident that they need not worry about anything except making sure that there is credit available in the credit card they used with the cloud vendor. Most of the customers of cloud computing don’t even bother to do any planning for such outages till they are at the receiving end of such problems. The complete lack of responsibility on the part of customers only encourages the vendors to avoid being transparent.
The only way for us to get some transparency from the likes of Amazon, etc. is by demanding transparency. In fact, this lack of transparency opens up an opportunity for some new player to step in and differentiate their offering from other existing players by being transparent about how they do the cloud business. Since the cost of switching in the clouds are somewhat cheaper compared to the traditional IT, the customers might use the leverage to demand transparency. If Amazon fail to be transparent, one can check with the fanatical support of Rackspace and see if they are willing to be transparent. If they also fail to be transparent, one can negotiate with the smaller players like GoGrid and ask them to be transparent.
It is in the hands of the customers to get the market forces produce transparency automatically without any need for an external force like government regulations. The events like Bitbucket outage and Sidekick data loss (though it is not related to cloud computing as such) should serve as a wake up call for the customers of cloud computing. Smaller players should leverage the ease with with they can move to a new service as the negotiating tactic for transparency. I am sure that the bigger players can extract transparency by the sheer size of their wallet. In this era where the customers have every tool at their disposal to get empowered, all they have to do is to wake up and demand transparency to the cloud vendors.