Cloud Computing Now and the Future Essay

The use of cloud computing creates a growing interdependence among both public and private sector entities and the individuals served by these entities. This paper provides a snapshot of the advantages of cloud computing and the risk areas specific to cloud services which clients of cloud services should be aware of. The future of cloud computing is certainly exciting, but moving more of our lives online means we will inevitably have to consider the consequences. Cloud computing means dependence on others and that could limit our privacy because of policies to access our information, security could be a big issue and large companies like Amazon and Google could monopolize the market. The cloud is a metaphor for the space on the internet that can store your data, as well as applications to manipulate data. It is not clear when the term cloud computing was first coined. For example, Bartholomew (2009), Bogatin (2006) and several others suggested that ‘cloud computing’ term inology was perhaps first coined by Google Chief Executive Eric Schmidt in 2006. Kaufman (2009: 61) suggests that cloud computing terminology ‘originates from the telecommunications world of the 1990s, when providers began using virtual private network (VPN) services for data communication’. There is however, agreement on the definition of cloud computing. The National Institute of Standards and Technology defines cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction (Mell 2009: 9). A computer’s operating system, data and applications are typically installed and stored in the ‘traditional’ computer environment. In a cloud computing environment, individuals and businesses work with applications and data stored and/or maintained on shared machines in a web-based environment rather than physically located in the home of a user or a corporate environment. Lew Tucker, Vice President and Chief Technology Officer of Cloud Computing at Sun Microsystems, explained that cloud computing is ‘the movement of application services onto the internet and the increased use of the internet to access a wide variety of services traditionally originating from within a company’s data center’ (Creeger 2009: 52). For example, web-based applications such as Google’s Gmailâ„ ¢ can be accessed in real time from an Internet-connected machine anywhere in the world. Cloud computing provides an online environment that is scalable which facilitates the ability to handle an increased volume of work without impacting on the performance of the system. The Cloud also offers significant computing capability and economy of scale that might not otherwise be affordable to businesses, especially small and medium size companies that may not have the financial and human resources to invest in IT infrastructure. Advantages include capital costs and running costs. Companies can leverage the use of large scale resources from cloud service providers and ‘add or remove capacity from their IT infrastructure to meet peak or fluctuating service demands while paying only for the actual capacity used’ (Sotomayor et. Al. 2009: 14) on a ‘pay-as-you-go’ economic model. It can also be significantly cheaper to rent added server space for a few hours at a time rather than maintain your own servers. Rental prices for Amazon Elastic Compute Cloud (EC2), for example, are between US$0.020 and $2.970 per hour in Oregon as an example. Pay only for what you use. There is no minimum fee. On-Demand Instances let you pay for compute capacity by the hour with no long-term commitments. As you can see in the above example the selected usage is 100 hours per month of On-Demand Instances, 10 reserved instances and 1000 GB of storage for 50 IOPS and 100 Snapshot storages. The monthly cost for this company would be $1449.41 per month. This could be much more cost affective for a company than buying the hardware and storing the information themselves. The only question is, how safe is this information that is being stored? The risk of cloud computing could be the security of the information being stored by a large company like Amazon. It is still unclear how safe out-sourced data is and when using these services ownership of data is not always clear. In a study done in 2009, a team of computer scientists from the University of California, San Diego and Massachusetts Institute of Technology examined the widely-used Amazon EC2 services. They found that ‘it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target’ (Ristenpart et al. 2009: 199). This demonstrated that the research team was able to load their eavesdropping software onto the same servers hosting targeted websites (Hardesty 2009). By identifying the target VMs, attackers can potentially monitor the cache (a small allotment of high-speed memory used to store frequently-used information) in order to steal data hosted on the same physical machine (Hardesty 2009). Such an attack is also known as side-channel attack. The findings of this research may only be a proof-of-concept at this stage, but it raises concerns about the possibility of cloud computing servers being a central point of vulnerability that can be criminally exploited. The cloud service providers establish the privacy policies to the companies that do business with them. The businesses are faced with their own privacy and confidentiality being determined by the terms of the cloud service providers. Failure to comply with data protection legislation may lead to administrative, civil and criminal sanctions. Data confidentiality and privacy ‘risks may be magnified when the cloud provider has reserved the right to change its terms at will’ (Gellman 2009: 6). Some cloud service providers argue that such juridical issues may be capable of resolution contractually via SLAs (Service Level Agreements) and the like. Clients using cloud services could include clauses in their SLAs that indicate the law governing the SLA, the choice of the competent court in case of disputes arising from the interpretation and the execution of the contract. The Cloud Security Alliance (2009: 28) also suggested that clients of cloud services should require their providers ‘to deliver a comprehensive list of the regulations and statutes that govern the site and associated services and how compliance with these items is executed’. Businesses should ensure that SLAs and other legally-binding contractual arrangements with cloud service providers comply with the applicable regulatory obligations (eg privacy laws) and industry standards, as the may be liable for breaching these regulations even when the data being breached is held or processed by the cloud service provider. Determining the law of the jurisdiction in which the SLA is held is an important issue. It may not, however, be as simple as examining the contractual laws that govern the operations of cloud service providers to determine which jurisdiction’s laws apply in any particular case. Gellman (2009: 19) pointed out that ‘[t]he user may be unaware of the existence of a second-degree provider or the actual location of the user’s data†¦[and] it may be impossible for a casual user to know in advance or with certainty which jurisdiction’s law actually applies to information entrusted to a cloud provider’. Businesses should continue to conduct due diligence on cloud service providers, have a comprehensive compliance framework and ensure that protocols are in place to continuously monitor and manage cloud service providers, offshore vendors and their associated outsourcing relationships. This would ensure businesses have a detailed understanding of the data storage information to maintain some degree of oversight and ensure that an acceptable authentication and access mechanism is in place to meet their privacy and confidentiality needs. This would also ensure a higher consumer confidence level in the entire cloud computing industry. The future looks bright for cloud computing. Last summer Google made a very large investment in bringing Google Fiber to Kansas City, broadband internet that is 100 times faster than what we currently have today. Faster internet speeds means larger files can be stored and downloaded from the cloud. Netflix says, ‘It’s the most consistently fast ISP in America.’ Analysts from BTIG Research visited Kansas City last month and were â€Å"blown away,† by the service (Jeff Saginor 2012: 1). But at it’s heart, ‘Google’s attempt at being its own ISP is much more about forcing the entrenched service providers –the Verizon’s and Time Warner’s and AT&T’s of this world – to step up their games than it is about making this particular business a raving financial success’. Saginor goes on to say, ‘When I asked the Google spokeswoman what the ultimate goal of all this was, she replied that Google wants â€Å"to make the web better and faster for all users.† The implication is that they don’t want to just do it all themselves’. Cloud computing means dependence on others and that could limit our privacy because of policies to access our information, security could be a big issue an d large companies like Amazon and Google could monopolize the market. The Cloud provides an online environment that is scalable which facilitates the ability to handle an increased volume of work without impacting on the performance of the system. The risk of the cloud could be the security of the information being stored by a large company. It is still unclear how safe out-sourced data is and when using these services ownership of data is not always clear. Businesses should continue to conduct due diligence on cloud service providers, have a comprehensive compliance framework and ensure that protocols are in place to continuously monitor and manage cloud service providers, offshore vendors and their associated outsourcing relationships. The future of cloud computing is certainly exciting, but moving more of our lives online means we will inevitably have to consider privacy, security and ownership of the information. References Amazon Web Services http://aws.amazon.com/ec2/pricing/ Creeger M 2009. CTO roundtable: Cloud computing. Communications of the ACM 52(8): Bartholomew D 2009. Cloud rains opportunities for software developers. Dice 29 May. http://career-resources.dice.com/articles/content/entry/cloud_rains_opportunities_for_software Bogatin D 2006. Google CEO’s new paradigm: ‘Cloud computing and advertising go hand-inhand’ Zdnet 23 April. http://www.zdnet.com/blog/micro-markets/google-ceos-new-paradigmcloud-computing-and-advertising-go-hand-inhand/ Cloud Security Alliance 2009. Security guidance for critical areas of focus in cloud computing V2.1. http://www.cloudsecurityalliance.org/csaguide.pdf Gellman R 2009. Privacy in the clouds: Risks to privacy and confidentiality from cloud computing. http://www.worldprivacyforum.org/pdf/WPF_Cloud_Privacy_Report.pdf Hardesty L 2009. Secure computers aren’t so secure MIT press release 30 October. http://www.physorg.com/news176197396.html Jeff Saginor 2012. What does Google get from supercharging Kansas City’s Internet? http://www.digitaltrends.com/opinion-wh-google-will-never-take-its-fiber-national/ Kaufman LM 2009. Data security in the world of cloud computing. IEEE Security & Privacy July/August: 61-64 Mell P 2009. Effectively and securely using the cloud computing paradigm. http://csrc.nist.gov/groups/SNS/cloud-computing/cloudcomputing- Ristenpart T, Tromer E, Shacham H & Savage S 2009. Hey, you, get off my cloud: Exploring information leakage in third-party compute clouds, in proceedings of the 16th ACM conference on Computer and communications security, 07. New Your, NY: ACM Press: 199-212 Sotomayor B, Montero RS, Llorente IM & Foster I 2009. Virtual infrastructure management in private and hybrid clouds. IEEE Internet Computing 13(5): 14-22 Mark D. Bowles (2010). Introduction to Computer Literacy. Retrieved from chapter’s six and seven. (Awl, 2009, p. 52)