dcsimg

Cloud Computing: Resistance is Pointless

Cloud Computing is the future of computing but resistance is high due to the presumed lack of control and ownership. These jitters will pass.

Ours is a service economy. And a very popular one with most consumers. Regardless of our ability to do something ourselves, more often than not we jump at the chance to have someone do it for us. Whether it requires little training — managing our money, cooking our food — or a lot — fly us about in aeroplanes, diagnosing and treating disease — we tend to be fine with someone else taking the wheel. Fine, that is, until we start talking about the dreaded “D” word: Data.

For a growing number of people, allowing a remote provider to host our applications, storage and desktops “in the cloud” isn’t just another service to subscribe to, it’s downright foolish.

“One reason you should not use web applications to do your computing is that you lose control. It’s just as bad as using a proprietary program. Do your own computing on your own computer with your copy of a freedom-respecting program. If you use a proprietary program or somebody else’s web server, you’re defen[s]eless. You’re putty in the hands of whoever developed that software.”
– Richard Stallman, Guardian News Interview

Defenseless? I disagree. Cloud Computing doesn’t remove control over your data, documents, or applications — it simply shifts their location and some of their care to a third party. What is so important about your physical proximity to your computing resources that makes Cloud Computing so unpalatable? Most often, the answer is control or the perceived lack of it.

By moving your applications, storage, or even desktop infrastructure to an external provider, you aren’t losing control but rather gaining more of it. Anyone who uses a hosted web or mail service knows that you have 100% control over the content without the worry of where it is and whether or not the service is available. Perhaps the best options to maintain your desired level of ownership and control is through Service Level Agreements (SLAs), Control Panels, and Administrative Tools — all provided to you by your hosting company.

  • Service Level Agreements SLAs give you leverage with your service provider. As a written contract between you and the provider, you maintain the same financial control over your assets as you would if those assets existed in your own Data Center. SLAs outline such services as backup and restore, regular maintenance, guaranteed uptime and availability of your applications and data.
  • Control Panels Control Panel availability and functionality varies from provider to provider but usually allow you to maintain your own Access Control Lists (ACLs), user accounts, host security, mailboxes, databases, and so on. Control Panels are centralized management applications for your specific leveraged infrastructure.
  • Administrative Tools These tools also vary widely but provide you, with site statistics such as space usage, bandwidth consumption, and website hit analyses. These tools often provide you with a better view into how your business performs since they aren’t skewed by availability, personnel issues, bandwidth limitations, or other factors affecting localized operations.

With any new idea, at first there is resistance, which for Cloud Computing translates into fear that some evil third party is anxiously lurking about on the Internet to steal your data. According to a recent IDC survey, almost 75% of their respondents stated that security is their primary concern when considering the shift to Cloud-based computing. Rounding out the top five issues preventing acceptance are performance, availability, integration with in-house IT, and not enough ability to customize.

Cloud Computing and Virtualization

Cloud Computing isn’t virtualization or vice versa but Cloud Computing creates an excellent platform for virtualization. Amazon’s EC2 (Elastic Compute Cloud), for example, is a Cloud Computing environment (as the name implies) built using Xen. Alternatively, Google bases its Cloud environment almost entirely upon physical hardware. Providers who create Cloud-based environments for public consumption, like Amazon’s EC2, will do so using virtualization due to its low cost, flexibility, and high performance.

Additional hindrances to Cloud Computing model are the rants of such high profile personalities like RMS above or Larry Ellison, Founder and CEO of Oracle, who thinks Cloud Computing is a “fad.”1 I beg to differ. I remember a time when the Internet received similar marketing hype as The Information Superhighway, demonic and a host of other negative labels. And least we forget, Linux was roundly dismissed a “niche” operating system not so very long ago. The years between then and now have demonstrated otherwise.

Today, my bet is that moving to the cloud isn’t something that is extremely pressing for you or your business. But some aspects of your computing environment are probably edging in that direction and, sooner or later, you will likely have to decide whether to start looking for silver linings or sticking with the expert’s gray skies.

And as for “defenseless?” Hardly. Just make sure your cloud has a built in umbrella and you’ll be fine.

1 Mr. Ellison’s comments coming less than a week after Oracle had released a cloud-enabled product suite. In Mr. Ellison’s defense, he does tend to get tripped up by new technologies. You should recall he also thought that MySQL was only good for keeping “track of your recipes.”

Comments on "Cloud Computing: Resistance is Pointless"

omadawn

I fail to see how “Anyone who uses a hosted web or mail service knows that you have 100% control over the content without the worry of where it is and whether or not the service is available.” when anyone I know that has used hosted web or mail service knows that you do not have 100% control.

You have no control over critical items such as: Patches, expansions/plugins, upgrades. I know of more than a few enterprises that have opted out of solutions because providers were unable to provide them functionality that they would be able to provide themselves if they ran it in house.

Don’t get me wrong. I think cloud computing is definately going to be a viable solution and much more than ‘a fad.’ especially given the ability to provision servers on demand. the ability to expand your computing environment on the fly without costly hardware is HUGE. So is having someone take the maintenance off your hands for many people who would have issues patching systems on their own.

For resource constrained (space/cooling/sysadmin/others) It is a fantastic solution. For people with very specific needs, not as much.

once again good for probably %80 of the cases but not for all.

Reply
lelnet

Ultimately it comes down to “what happens if the cloud fails to deliver?”. A really good SLA (such as cannot be had from any but the very most expensive providers of hosted services) can cover you adequately if the consequence of temporary failure is minor inconvenience to a few employees and maybe a few lost sales. But if the risk is existential (that is, if a meaningful failure would put the company on the road to liquidation) there’s going to be much less willingness to trust, at least until the market conditions change enough that the typical hosted-service provider offers an SLA, and the high-end providers offer SLAs that don’t exclude coverage of incidental and consequential damages…not to mention a very long track record of reliability.

The day when utility computing is as reliable as the power and telephone utilities would be a massively great day for the practice. And yet even those well-known reliable entities are backstopped by generators and multiple redundancy, in a well-run IT shop, indicating that we (justifiably) don’t trust them completely.

Reply
khess

Two separate issues here but let me tell you that I a) use a major hosting provider for my email service and I have all the control I could ever want and this is coming from me, who used to run his own DNS, mail, web, etc. services in his own business.

b) I work for a company in a section that performs web hosting and we live by our SLAs. And, even the smaller hosting providers give you a SLA which guarantees uptime, availability, notice of outages, etc.

There are stiff financial penalties for outages covered by the SLA.

Reply
lelnet

When I’ve got 25,000 people standing in line to register for a convention and the line stops moving for an hour and a half because your servers experienced an unexpected outage, will your SLA buy me a new business? Or will it say, as every SLA I’ve seen has done, “here’s a credit against your next month’s hosting bill, so sorry about that”?

If not, I’m not prepared to trust your cloud with my mission-critical functionality. I’m going to build it myself. To you, a stiff penalty is one that wipes out the company’s fund for annual bonuses. To me, a stiff penalty is one that makes an unplanned outage inconceivable by putting as much of your skin in the game as I have of mine. I’ve never seen an SLA like that, and I’ve been in the internet services business since before 99% of the population had heard the word “internet”.

If you can’t get your email for a little while, you’re annoyed. If my IT services go down at the wrong time, I’m bankrupt.

Reply
khess

That seems like a perfect match for Cloud Computing. Your outage would likely not be the Cloud failing you but your local Internet connection.
The whole point of the Cloud is that there would be no outages. By design, it is unbreakable. In each individual data center (DC), you have HA server systems, connected to redundant Load Balancers, and if one whole Data Center goes offline, the network would “fail over” to a different site. For that matter, you may not hit the same DC twice in a row…another point of the Cloud is that your data is everywhere.
It’s ok to oppose Cloud Computing right now, no one’s faulting you for it. New stuff always meets resistance and there is a Zeitgeist associated with things like this. Right now you oppose it, in a year, you’ll be one of its biggest proponents and never remember or admit this thread. ;-)

VMworld had 15,000 registrants–which one has 25,000?

Reply
songwind

I think that Cloud computing offers serious benefits in a lot of situations, but I think that saying you don’t lose any control is specious.

Who’s managing “your” servers? What is their arrest record? Do they lock their workstation when they get up for a smoke break? Any time you put your data into the hands of people you don’t know personally, you have lost control of who accesses your data, and other procedural security measures. There are ways to mitigate this risk (encryption, etc) but that doesn’t change the fact that you HAVE lost control of that aspect of operations.

Also, in reference to the above comment’s hypothetical convention registration failure, you *have* added additional points of failure. If my business works locally, I have my servers, my network to worry about. If the data and/or apps are distributed, I have my physical internet connection and my ISP to add to that list.

I think that rather than a blanket statement that cloud computing offers no loss of control, or is perfectly safe, it would be more useful to offer suggestions on how one can evaluate a cloud computing provider, and related services, for reliability and safety.

Reply
bobewart

I started in an age where everyone had a dumb terminal on their desk connected to a mainframe. When the mainframe went down, we all sat on our hands and waited. (In at least one case, we were waiting for a plumber to come and fix the water cooling system. :-) ) Of course you can say that modern servers can have redundant systems to prevent that. But what happens when your internet link goes down, as mine does frequently.

You don’t have 100% control over your website when it gets hacked and it takes forever to get them to fix it. Or when someone gets through the firewall and downloads all your sensitive data. The bigger the target, the more likely it is to be attacked.

Cloud computing is not a new idea. It is a return to an old one. And less secure than the old mainframes that were not connected to an increasingly insecure internet.

Reply
lsk040365

Short and sweet–People maintaining the back-end servers and systems will lose their jobs to your so called clouds in the sky…

What will the admins do for a job in their current company?

Reply
avagothen

I have to disagree with the author on this. I doubt Richard Stallman ever “roundly dismissed” either The Internet or Linux. I appreciate that this was not stated explicitly, but the way this article has been written implies it. In fact RMS wrote a large part of the GNU kernel which is used in Linux. His words are not a rant, they are the considered opinion of a man who has sided with freedom above all else. If you think he is spelling doom, better you think more on the subject before announcing to the world that he is wrong and you are right.

That’s my rant over! Now to a more reasonable argument…

I currently have 100% control of my data; how could I possibly be “gaining more of it” ?

An couple of examples of losing control:
. Some government officials, domestic or overseas, want to examine my data for some reason. Currently I can say yes or no to this, depending on the circumstances, but if someone else physically has my data they may decide to give it up to whoever ‘officially’ asks for it, without my approval.
. If I don’t login to my free hotmail account for a month, my account and all my messages are deleted. I know I can pay a monthly fee to stop this happening, but then I’m paying for some control, not for the service.

These may not be the most robust examples that could be made, but my point is that there are many negative scenarios applicable to many different people. Sure, some people will be happy to migrate entirely to a cloud; many others may find it useful for certain activities; but many will have enough valid reasons that they will have no part in it.

Also, having your data stored remotely puts another possible point of failure between you and your work, i.e. your Internet connection. Failure of this would not be the responsibility of the cloud provider but if you are not able to access your data, who is ‘liable’ is largely academic.

Finally, a quick word to khess: The scenario put forward by lelnet was a cloud scenario. Not only did you misunderstand, you then went on to be both patronising & condescending, smileys notwithstanding. I, for one, would prefer it if such comments were kept to yourself.

Reply
stuartquimby

Wow, the reality-disconnects in this author’s article are stunning.

“Anyone who uses a hosted web or mail service knows that you have 100% control over the content without the worry of where it is and whether or not the service is available.”

This statement is just… wrong. Anyone with any sysadmin experience could provide a long and sorry list of where the SLA’s, Control Panels, and Admin tools just didn’t even apply, let alone fix the problem. The list of security lapses by various companies ‘in the cloud’ is long and well-documented. Internet connection quality across the US is not even close to good enough to justify this kind of strategy. There is only a marginal equivalence between web hosting and mail (where communication over the internet is inherently necessary), and moving a company’s essential applications and data to the control of a third party. The practical differences between these two situations deserves an entire article, not just a forum response.

So, yes, *if* a myriad of technical details someday work out just the way the author is apparently envisioning, and *if* humans suddenly get some universal urge to always do ‘the right thing’, and *if* legal agreements suddenly start to coincide with what really happens in real-life business, and *if* web application user interfaces start to get even *anywhere close* to apps running locally – I’ll be right there with him ‘in the cloud’.

Until then, no thanks.

Stuart Quimby.

Reply
xitron

Consider PCI, Sarbanes-Oxley, Cybertrust, SecurityMetrics, etc. Various requirements that say your data is safe from . When in house, you at least have some control over the data. In order to become PCI or SOX compliant, you’ll need to certify the cloud. Good luck with that!

Unca Xitron.

Reply
xitron

I actually said “safe from fill-in-the-blank” but because I put it between less-than and greater-than symbols, it got stripped. I hope this helps clarify my sentence in the message above. :-)

Unca Xitron

Reply
khess

It seems that some of you have failed to read my comments. I have current experience in a web hosting environment and with using distributed services.

By “gaining more control”, I mean that service providers give you access by standard methods (terminal services, SSH, SFTP, etc.) and you get usage statistics, etc. as well.

For most people who will use CC in the near term, they will use it for hosted applications and it won’t make a difference if your ISP or you have a problem getting to the Internet or not. Your applications will be available to the world at large to use regardless of your status.

As I said in the article, there is resistance–namely based on security but other reasons as well. No, CC is not new but Mainframes are a good example of the future and its past. My article post for next week is on that very subject–having to do with Mainframes as the next major virtualization platform. MFs are also viable for CC.

The bottom line is this: CC is a soon to be fact of life whether or not you use it for your own business, you will use it for other things and won’t even know it–hence the title of this piece.

Reply
khess

To Xitron:

There are people working on this certification right now. If you email me personally, I can point you to them.

Reply
xitron

Went to your linux-mag page, @khess, and didn’t find a link to send you email personally. Would enjoy learning what the CC crowd is doing toward PCI and Sarbanes-Oxley, as I’ve just spent the last 2 years of my life getting compliant, and the next round of PCI ought to pretty much shut down every mom and pop shop in the world.

Unca Xitron

Reply
graemeharrison

These are not the druids you are looking for….
Sorry, given the ‘Resistance is futile’ reference I couldn’t help myself.

One issue NOT addresses is court-access. When your media files are all happily on your various terrabyte hard drives at home, you pay nothing to watch the movie you converted from a purchased DVD to a scratch-proof, loss-proof digital image. Moreover, you pay no data download charges to view it. (Only the US has truly unlimited downloads, and that pricing formula is close to broken.)

But put your files on someone else’s hosted service and now any court (even in another country) could order a search or history-search of what you had stored. When it is in your own premises, it is much harder for others to gain such access, and you always retain the right to delete.

IMHO, these issues will remain impediments… So, just like some people are well suited to web-based email solutions, some will love the solace from cloud computing. But some will prefer the greater control. And with the cost of storage about to drop below US$100/TB, the cost to store your own data will not be significant. It will come down to trust.

Reply
khess

I still don’t understand the issue of control when speaking of local files and services. This perceived control on local files and services also means local responsibility for backups, restores, fault tolerance, uptime, and so on. I used to have and run my own local services and can tell you that it’s not fun and having the files local is not giving you greater control–just greater responsibility.
Personally the Cloud gives me peace of mind that my services and files are always available. I don’t think they are any more or less safe in the Cloud as they are on my own computer. People falsely perceive proximity as safety. Don’t kid yourself–most data thefts come from within your own company rather than from third parties.

Reply
khess

For a complete look at a current provider, see the details at this link: http://aws.amazon.com/ec2/ Amazon’s EC2 Services. Scroll down to Service Highlights where you’ll see:

[Completely Controlled – You have complete control of your instances. You have root access to each one, and you can interact with them as you would any machine. Instances can be rebooted remotely using web service APIs. You also have access to console output of your instances.]

Reply

What’s up friends, pleasant post and nice urging commented here, I am really enjoying by these.

Reply

Howdy! I know this is kind of off topic but I was wondering which blog
platform are you using for this site? I’m getting sick and tired of WordPress because I’ve had problems with hackers and I’m looking at alternatives for another platform. I would be awesome if you could point me in the direction of a good platform.

Reply

certainly like your web-site but you need to take a look at the spelling on quite a few of your posts. Several of them are rife with spelling issues and I in finding it very troublesome to inform the reality however I will definitely come again again.

Reply

Throughout this awesome design of things you’ll get an A+ for effort and hard work. Exactly where you actually confused everybody was on all the facts. You know, they say, details make or break the argument.. And that could not be much more true here. Having said that, allow me tell you what did do the job. Your article (parts of it) is certainly incredibly convincing which is probably the reason why I am making an effort in order to opine. I do not really make it a regular habit of doing that. Secondly, while I can notice the leaps in reasoning you make, I am not certain of exactly how you appear to connect your points which in turn produce the conclusion. For the moment I will subscribe to your point but hope in the foreseeable future you link your facts much better.

Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>