Friday, 30 March 2012

Hey you, get off of my cloud…c:\hiding geek-speak from the users\☺

In the age of broadband connectivity new terms have emerged that help support new and ‘evolutionary’ technologies to become common place. Commonly asked questions, early on in the technology adoption cycle, usually focus around clarification of the new terms and services. For the techno-geek fraternity out there, this becomes opportunity to show off their knowledge that may even quicken adoption of the technology that presents itself. Sometimes terminology could never make real sense to novice IT users with even near experts struggling to understand new ways of working; but occasionally a new way of explaining complexity emerges that really does simplify matters. As windows became the watchword for an operating system, the term Cloud should become the watchword for doing ‘my stuff’ online.

I have been asked on numerous occasions to explain how the ‘cloud’ can influence the way we work; and also why it is called Cloud, and not, Space or Sky. The timeline to the development of cloud terminology is unclear but I suspect it was generated to help inform non-IT experts of a space where your ‘stuff’ and ‘stuff you do’ is stored or accessed by you but you don’t need to know where or how it’s done. Traditionally, people needing advanced IT services also required a firm understanding of the 4 layer model of networks, resources, middleware and applications. Falling asleep already? Then a better way to explain this is to describe the cloud as a space that is managed by IT experts who take care of all the difficult technological bits (e.g. updating software, keeping the network up, fixing failed servers); and you just get on and do your work, just like the halcyon dream of computing used to be but failed to deliver on. Just like the average motorist doesn’t need to know how an engine works, cloud users do not need to know how networks and data farms do what they do. Calling it something like cloud paints a marketable image in the mind of the average person that detracts thinking away from wires and computer boxes and ghastly terminology like Platform as a Service (PaaS) or Software Orientated Architecture (SOA). I bet the computer industry hopes that it may even attract them into adopting cloud services more readily. Crucially, they should just seamlessly interact with ‘information space’ without ever needing to understand the complex infrastructure and processes that provide their ability to do so. Just like windows moved us away from direct communication with hard drives by giving us pretty icons to click on instead of difficult code (e.g. C:\god this is complicated\inhell\etc)…cloud helps hides the real complexity underlying its structure; but this comes at a price, right?

Although the transition into graphically pleasing operating systems helped increase the adoption of PCs into homes and businesses around the world, simplification of online software service provision, via the cloud, may do something more sinister for those early adopters that have not read the small print carefully. Security is a major source of concern in cloud services and is an area impossible to escape from if you are considering using online services. Security is also semantically technical which, at least, will keep the techno-geeks like me happy☺. Lots of tricky terms emerge like cyber security, data centres, service uptime, hackers and firewalls; and there isn’t an easy way of escaping this kind of terminology without generalizing away from the real risks. Work coming out of the Science and Technology Facilitation Council (STFC) Daresbury, under the direction of Dr Rob Allan, suggests that if you do not want your information/data to fall into the wrong hands then you probably shouldn’t be using the cloud at all. Although this comment is in stark contrast to cloud industry views, risks exist in the cloud that go beyond YOUR abilities to control. After all, most people do not use sufficiently complex passwords that would otherwise protect them from computerized hack attacks; and a good deal of criminal activity occurs within companies by its employees meaning that your account could be hacked very easily from within the cloud supplier. Few averagely skilled computer users are aware that systems administrators within cloud suppliers have full access to your accounts and therefore data…in the ‘old school’ IT model where all data was stored and protected by your IT department, safety protocols could be embedded to factor in the risks posed by company employees. This is much harder to police in cloud environments where several supplier businesses may be linked together to provide a complete cloud service. For instance, cloud technology businesses may rely on server farms to host their apps that are then sold to you. This means your data could be accessible to multiple businesses without you even knowing. OK, there are approaches to encrypting your data at various levels, but the truth remains, managing your own data on your own servers is the most secure approach.

Beyond the risk, fortunately in the UK at least, we are governed by clearly stated data protection regulations. The Data Protection Act protects users by forcing cloud suppliers and cloud service purchasers, that are based in the UK, to become data controllers; but many cloud suppliers are located away from this protected area (e.g. US). Although all cloud companies will do their best to protect your data no one can predict when or if the cloud supplier will be sold. It can be sold, and yes, your data could be moved to a geographic location that is not data protected. If you are a UK based organisation using a cloud supplier whose data is moved in this way, if you store data about customers that is data protected (e.g. names and telephone numbers, sales invoices etc.); you’ve broken the law as you are likely to be the designated data controller. So how can we get around this tricky legal issue?

The Rolling Stones song Hey you, get off of my cloud was rather prophetic to the issue. Without throwing away the benefits that the cloud can bring is the development of the private cloud concept; that is, run smaller scale, non-global clouds tailored to local conditions. For example, a private cloud guaranteeing UK data protection at all times as part of the service level agreement to customers. Some larger organisations already run their own private cloud services and technology is now available that allows them to do this will relative ease (i.e. virtualization). This provides them most of the benefits of cloud with less risk. The offset however, is that you still need to manage your own servers which is costly. Remember that by owning the servers you are in full control of the data. For smaller organisations that don’t have the ability to host their own services the image is less clear. It could be that ‘localized’ application service providers (ASPs) will work within guaranteed data jurisdictions meaning that data is always legally protected. ASPs could form from internet service providers that would hold the key to success. They understand the context of UK Data Protection regulations already and so will have a handle on how to manage your data via software tools they will rent to you. It is unclear if or when such services will be developed and deployed however. It will also require that re-sellable software becomes available and at this time few exist outside of a few collaboration (e.g. Microsoft SharePoint) and customer relationship (e.g. Sugar CRM) packages. To be honest, cloud technologies are presently few and far between and the long-term viability of the cloud concept will only be sustained if more services become available over the coming years. We will also have to watch out for evolutions of the cloud. For instance, Google’s Chrome operating system is technically a hybrid of the cloud vision by allowing users to directly integrate with Google cloud. Given Google’s successful development and deployment of the Android handset technology this may be a space to watch out for. In mean time, we’ll just have to wait to see how the sky looks when the sun eventually rises. Only then will we be able to see how many clouds are on the horizon, global or localized. Or indeed, who will be prepared to inhabit them…

2 comments:

  1. Thanks for sharing the nice information. your blog is very informative. I really appreciate it.
    e-Learning Security Courses
    Thanks.

    ReplyDelete
  2. Definitely agree with what you stated. Your explanation was certainly the easiest to understand. I tell you, I usually get irked when folks discuss issues that they plainly do not know about. You managed to hit the nail right on the head and explained out everything without complication. Maybe, people can take a signal. Will likely be back to get more.

    Collaboration technology

    ReplyDelete