Idiotic buzz words!
There are many buzz words and hype the computer industry has created over the last decade. If I had to pick my number one phrase for being the most misused, annoying and idiotic it would be “Cloud Computing” or “Cloud Services” and any other usage of the word “Cloud” in this context. The industry in general is now using terms like “Private Cloud” what planet have these people stepped off? It’s a building with a bunch of computers in, umm now let me think wasn’t that my datacenter?!! Also didn’t we have other terms like “Intranets”, “Extranets” and other “nets” to describe separate networks, come on!
This industry also seems to enjoy creating new acronyms for things and although I am not against acronyms if they are necessary making up things like, “SAAS”, “DAAS” and “NAAS” who are these people trying to kid. Also haven’t we been here before to some extent? Less than a decade ago I seem to remember people talking about ASP’s being the next big thing, where are they now?
For those of you who don’t know what I am talking about when I refer to “Cloud” lets try and define it because there seems to be a myriad of definitions for it out there doing the circuit. You have a business, could be small, could be big, it doesn’t really matter. You say to yourself rather than doing all that complicated technical stuff needed to run my business or because I don’t have the resource or startup capital right now I’ll let someone else handle that . That person does have the know how, the resources and can spread my cost base over a period of time, and this makes sense you don’t have to be a genius to see the benefits of doing this.
Outsourcing
So however you wrap it up “Cloud” is essentially about outsourcing your business processes and assets to an external provider. You may decide to do this in combination or in a step by step process. Now for the “one man and his band” this may be fine, and as I said earlier you don’t need to be a genius to see the flexibility that this “pay as you go” type service offering gives you.
But is this right for an enterprise business?
Would you really outsource all of your core business services, assets, data, intellectual property to a service provider? If I put my security hat on for a moment I would have to say if as a business you decide to go down this route then you would without doubt be commiting corporate suicide.
Would you put all your confidential data and any other intellectual property you had in a skip on the street? Would you leave your valuables in your car unlocked? Would you leave your front door open? Of course you wouldn’t unless you were completely stupid, and I am not trying to scare anyone here I am trying to make people think and get some perspective on the situation.
Step back for a second and look at what “Cloud” strategy is going to give you. Way up the benefits and then however the marketing people (by the way I don’t have anything against marketing people!) wrap the wolf up in sheep’s clothing, strip it bare, get back to basics and ask why am I doing this, what will it achieve that I don’t already have today or can’t do in other ways. Then look at protection, how do I protect myself if I do decide to go down this road to armegeddon. You may have high security standards and practices, the provider however may not or even if they claim they do, may not bother to implement them for reasons of cost.
Then what about insurance can the provider indemnify you if a security breach occurs?
Unless the provider is very large and lets face it today there are only a handful of those that make up the hundreds of other companies starting to offer cloud services, then the answer is that no insurance underwriter is going to provide those organizations with adequate insurance for indemnity purposes.
Sharing
Lets say for a minute you do decide that “Cloud” is for you, you like the idea of saving money its going to make you look good in the board room, it will save the organization millions, help you link with new business partners, whatever the reason.
When today a breach occurs that results in you losing thousands of credit card numbers or core IPR of some sort, when you enter the board room tomorrow are you going to look that brilliant. No you will be making a fast exit but the aftermath to the company you worked for could be catastrophic, share prices could plummit, customer confidence falter, brand reputation suffer, you get the picture.
FUD
Am I trying to feed you FUD? (fear, uncertainty and doubt for the uninitiated) well maybe to drive the point home. The reason I paint the above picture is that if you outsource your assets to a provider you have to be damn certain that you can TRUST them. Further still it’s not that you just TRUST them but all the business connections they may have as well as the other customers that are using their services alongside you. Is the provider offering you dedicated resources or are they shared, and when I talk about sharing I mean at all 7 layers of the OSI model, from the application, to the network to the physical layer.
If these resources are shared which they will be as that’s why it’s cheap, how does the “Cloud” provider offer you robust security? How do they guarantee the same levels of security you have today within your own network? The answer is they can’t and if they say they can then walk away!
Attacking management frameworks
We have already seen attacks on social networking sites, and business sites, most recently at Black Hat 09 in Vegas a talk titled “Clobbering the Cloud” showed how researchers compromised the management frameworks of “Salesforce.com” to extract data that didn’t belong to them.
Virtualization
So where does virtualization fit into all of this? vCloud? VMware have a so called cloud operating system and are making moves into this space in a big way with their own service offerings. Microsoft and Xen are also starting to do the same thing so virtualization is becoming very much a part of the “Cloud’, whether this is the network, the operating systems or applications Does it complicate things? Does it make things easier? There is no black and white answer to this if anything depending on your perspective it makes things easier and it could if implemented correctly be more secure.
Unfortunately history has shown us that even if we have the most technologically advanced system in our grasp, human nature in the end just lets us down, the enigma cipher machine is a classic testimony to this.
Right now I’m off to get myself a brew in my virtual shed or was that cloud at the bottom of the garden!
Link to this page