In the previous post, I tried to clear any confusion regarding the
meaning and scope of cloud computing. In this post, I will try to
squash some myths promoted by pundits ignorant about cloud computing
technology and companies whose core businesses are threatened by the
proliferation of cloud computing.
Myth: Cloud computing is not secure
Truth: It is quite wrong. Cloud computing is as secure as the
traditional datacenters and desktop PCs. Whether it is desktops in an
organization or servers in their datacenters, the data is as secure as
their security implementation. If the IT department or system admin
fails to be proactive in closing all the security holes including
social engineering loopholes, the data in the traditional datacenter
will be compromised. If the IT dept. allows the desktop users to
install vulnerable software from the web or from physical medium, the
PCs will be compromised. It is the same case with cloud computing
vendors.
The security of their service depends on how efficient they are in
managing it. The very lifeline of cloud computing vendors is the
service they offer and, therefore, they will be very efficient in
protecting the data on their infrastructure because that is the only
way they can protect their own business. No vendor would like to go out
of business and hence they will be obsessive about their security. Any
generalized argument about the lack of security in the clouds is flawed.
Then, there was a fear inducing meme that talked about how the
security attacks like the recent DNS exploit will doom the cloud
computing. This is clearly a scare tactic. If you dig a bit deeper, DNS
comes into play the very moment you step on to the internet. Any
exploit in the DNS systems will affect users in the same way
irrespective of whether they are using traditional datacenter based
web/app hosting or cloud based services. Such issues are not unique to
cloud computing alone.
Myth: There are privacy risks associated with cloud computing
Truth: It is not true either. In the real world, individuals
and small businesses face certain privacy risks when they do
transactions both online and offline. They share their data, including
credit card information, with vendors. They are assured certain of
level of privacy by the vendors and there are also some risks
associated with the transactions. It is the same in the case of cloud
computing too.
There are also some propaganda about government agencies accessing
the user’s data stored in the clouds and the associated lack of
privacy. It is not unique to cloud computing alone. In the offline
world, the government agencies can monitor your banking transactions,
library transactions and even your purchases. If you ever use internet,
there are risks of government agencies monitoring your usage through
the ISP or through any internet gateway. There is always the danger of
big brother looking over your shoulder in both offline and online
world. The users of cloud computing also face similar risks and it is
no different from the privacy risks faced in the real world.
Myth: Cloud Computing is not a proven technology
Truth: Even though we are experiencing a paradigm shift
towards cloud computing, it didn’t happen overnight. It is not
something that just popped up in front of the user all of a sudden. It
evolved slowly over a decade to reach the current level. We have been
having applications like email and calendar on the web for a long time.
We even had some verticals like payroll processing over the internet
for many years now. What we are seeing as cloud computing is the
maturation of these technologies coupled with the ubiquitous internet
availability through PCs, Laptops and Mobile devices. In spite of what
the naysayers would like you to believe, it is a proven technology
which evolved over a period of time.
Myth: Cloud Computing may suit individual consumers and small businesses and it will never enter the enterprise market
Truth: Cloud Avenue editor Zoli Erdos has blogged about this sometime back in his personal blog.
Reports indicate that by 2012, at least 80% of big enterprises will
spend their budget on some cloud based services. Also, according to a Gartner report,
the enterprise email through cloud computing will jump from 1% in 2007
to 20% in 2012. Big enterprises are not embracing cloud computing
overnight due to strategic reasons and their past investments in the
traditional IT infrastructure. As the cloud technologies mature,
enterprises will slowly but steadily move to cloud computing.
Myth: SaaS will never happen and traditional software will not go away
Truth: SaaS is happening. It is not a matured technology as
desktop software but it is going there. It is just a matter of time
before SaaS takes over completely. Saying SaaS will never happen is
like getting into a Los Angeles – Newyork flight in LA and immediately
claiming that the plane will not go to Newyork. We should have patience
to allow the flight to travel the distance. It is the same case with
SaaS. It has just taken off and it will be sometime before it matures
to become an all pervasive technology like desktop computing. Having
said that, traditional desktop software may not (and, in a way, need
not) go away. Let us take the case of transition from the postal mail
to email. Even in this era of facebooks and twitters, we still use
postal mail for some of our mailing needs. Even though these internet
based technologies had made postal mail almost irrelevant, it is not
dead yet. It may not even go away completely. We are going to see a
similar scenario in our transition from desktop software to cloud
computing. Slowly, but steadily, desktop software will become
irrelevant but we will still be using them for certain tasks. Just the
very existence of traditional software in the fringes of computing
doesn’t take away the importance of SaaS.
Myth: Cloud Computing = SaaS
Truth: As I explained in the first post of this series, cloud
computing includes SaaS, PaaS and Infrastructure as a service. SaaS is
just part of the cloud computing ecosystem.
Myth: Cloud computing is nothing but ASP and Client–Server architecture of the past
Truth: I have already posted about this topic in my personal blog.
I won’t repeat the same arguments here. As I have pointed out earlier
in this post, cloud computing didn’t happen overnight. It was a slow
evolution from its various predecessors like ASP, Client-Server
architecture, etc. With the ubiquity of internet and maturation of
hardware and network technologies, we could have a highly scalable
technology like cloud computing now. We couldn’t have had cloud
computing in the era of ASP or Client-Server architecture just for this
reason alone. We didn’t have the technology then. It might have had its
roots in the technologies of the past but they are clearly not the same.
Myth: We can only trust big players and not smaller ones and startups
Truth: It is not true. In the past few months, we have seen
downtimes with big players like Google and Amazon while many smaller
players have stayed stable. While big players offer the confidence
about the longevity of their business, it need not be the case. When
Microsoft was trying hard to consume Yahoo, there were worries about
the longevity of services like Flickr and Delicious. The users were
worried that Microsoft may shut down these services in favor of their
own products in their domain. On the other hand, when Google bought
Youtube, they were allowed to keep their brand, employees and, even,
office location and Google Video is slowly moving to oblivion. It is
just not true that big is better in cloud computing.
I think I have covered some of the myths floating around the web
regarding cloud computing. If you know of any myths or if you want to discuss more about the myths surrounding cloud computing, feel free to share your thoughts below.
You give security short-shrift and don’t really provide solid reasoning why its a myth. For good reason – it isn’t a myth. Cloud Computing does offer security risks. The fact that the alternatives offer risks too does not diminish this fact. The way to address this is not to dismiss the risks, but to note that Cloud Computing risks are different than “on-site software” risks. These risks have different impacts on consumers, small businesses, and large enterprises. In order to move past Gartner’s “Peak of Inflated Expectations” and “Trough of DisIllusionment” to the “Slope of Elightenment” (http://www.techcrunch.com/2008/08/18/where-are-we-in-the-hype-cycle/) we need to carefully assess those risks and find ways to address the risks that are appropriate for the different types of customers. I look forward to that conversation taking place here over the upcoming years.
My impression about cloud computing is that it will be slow to the end user.
Reasons –
1. All the computing happens at server end while the user interface is at the client end. So vast amount of data need to move to and fro. So the speed is not only constrained by Processor speed and memory but also by internet speed too.
2. I come from India where the Broadband penetration and speed is abysmal.
3. I have used zoho and google docs for office productivity but I don’t get the same experience that I get from Desktop Softwares.
Another impression is that – My data is not fully under my control.
Reasons –
1. As a Business my competitor can easily view my data. all he needs is my user name and password. My employee who is given the authority of user id and password can easily share it with his friend in competitor’s firm.
2. The firm providing cloud computing services may delete my data. I heard so many such cases in Web hosting centres.
mr.paul, thanks for your response. I didn’t argue that security threats in cloud computing is a myth. I only refuted the argument that cloud computing is insecure compared to traditional methods. I think I have made my argument clear on this by showing that the threats in cloud computing is no different from the traditional methods used now. Similar to the security policies we develop for protection in the traditional network, we have to spend out resources developing proper security policies while using the clouds. I am not arguing that cloud is the safe bet. I am just saying that the security in the cloud is as good/bad as the current models. I think my next post highlights the same thing.
Keshavaram, I have a post lined up which is going to talk about how cloud computing will help in developing countries. I will try my best to address this issue in that post.
keshavaram, regarding the next part of your argument, I beg to differ. Here are my reasons.
1) Your data is not in my control argument is similar to the arguments made by users in Indian industries when they moved from bulky paper archives to desktop. This is a paradigm shift. You lose control of your data within your firewall to get an ubiquitous availability of data wherever you go. This is just a mental block than a real issue. You need to develop a trust based relationship with the cloud vendor to get the advantages of cloud computing. It is like having a mental block to use credit card online. I know of many people who would want to pay with only cash and don’t want to use credit card online. Well, the net result is that they have to do extra work to get things done (like going to a shop that offers what they need and paying with cash).
2) If an employee is hell bent upon stealing your data, he/she can use a physical medium like USB drive or CD to steal it if you are using Desktop computers. He/she can photocopy the documents and steal (even worse, just write it down and take it) if you are still struck in the very old fashioned pen and paper format. It is my point of this post. I wanted to dispel the same myths which you are believing. There is no way it is unique to cloud computing alone. It is the threat we face even if we are struck in the stone age of paper based document storage.
Hi Krishnan,
Cloud computing has more security risks than traditional web hosting. In cloud computing, multiple users share the resources. If one user’s application has a security vulnerability, then the data of all the users sharing the same resources can potentially be compromised. So the users should take this in to account while designing their application for cloud computing/hosting, which would not be the case if they are hosting the applications by themselves. And also the cloud vendors should sandbox users’ applications and resources from each other. So both cloud vendors and cloud users have to take additional steps to secure their resources.
Shankar
I disagree with this. As far as I know, I haven’t come across a case like what you are mentioning here. Can you back up your claim with specific example (link to the news item covering such an issue will be better)? I have used many cloud platform with multi-tenancy and I never came across a situation like what you are mentioning here. If you can show me an incident like that, I will be able to offer a more specific insight into what has happened.
I dont know if such a news item came out, but I deal with such risk assessments everyday. Unfortunately I cannot talk about it here because it is my “employer confidential”. I can say confidently that cloud computing is undergoing a lot of scrutiny from the security professionals (not only in my company, but everywhere too) precisely because of the concern I have raised.
Please note that I’m not saying that “cloud computing is insecure”. That statement is indeed a myth, but cloud computing does require a higher level of scrutiny/risk assessment and mitigation techniques than normal single-app hosting because of sharing of resources.