Monday, January 3, 2011

Head in the clouds

One of the hottest ideas in information technology these days is "cloud computing."

The expression originates in an early Internet convention: customer-centric drawings that showed detail of Internet connectivity only at the end points. That is, you're likely to care how your computer (or phone) connects to the Internet. You're likely to care about the server that's providing a function to you. And the gear that lies between? The redundant components and fail-over mechanisms and keen in-the-background software that make the Internet resilient? For most end users, not so much.

To network engineers, those "between" things -- routers and comm links and protocol stacks and specialty servers for background functions like domain-name look-ups -- are, collectively, "the cloud." And so, many a network diagram (like the one nearby) shows connections into and out of a featureless cloud.

Cloud computing carries the "you don't want to know" model a bit further: now the server(s) providing functionality also disappears into the cloud. No longer need you store, say, your calendar, spreadsheets, or word-processing documents on your PC, laptop, tablet, or smartphone.  Advocates say: store everything "in the cloud." Access your data from anywhere and edit them "in the cloud."

Some cloud-computing examples? Google Apps (such as calendar, word processing, and spreadsheets). Office Web Apps (Microsoft's online version of Office), and BitTorrent file-sharing services.

Cloud computing, in other words, is ... the return of the mainframe. Cloud computing, IMO, has the same pluses -- and minuses -- old mainframes had. Centralized management: good. Centralized software maintenance: good. Loss of personal control: bad. And -- this item very bad -- cloud computing is far more exposed to networked mischief than most mainframes ever were.

(Aside/disclosure/life lesson: back when I was in grad school and dinosaurs hunkered down in big data centers, I developed a major application on a university time-sharing system. Came the head crash, and the data center's back-up processes turned out to be ... worthless. Nada was recovered. Fortunately I had an old printout covered with scribbles: every change I'd considered, made, unmade, revised, or rejected over the previous month-plus. And so I learned early in my career -- the person most concerned with the safety and security of my data had better be me.)

With cloud computing, your data becomes a small part of the holdings of a gigantic server farm ... somewhere. Is your data more or less secure on your PC or as part of a big, juicy target?

Just as Willie Sutton famously robbed banks "because that's where the money is," the $%#@!!s who write malware will surely turn their sights on server farms "in the clouds." Security firm Kaspersky Labs reports a Trojan targeting Rapidshare. And cloud computing seems like a great way to host -- and spread -- malware.

If cloud computing tempts you, here are some questions to ponder:
  • Which target is more likely to attract bad guys: your PC or a monster data center filled with the personal data of millions and the business/customer data of many corporations? 
  • Would you like to control if/when you upgrade to a new version of an app, or cede that decision to a service provider? 
  • Can cloud-computing businesses manage the safety and integrity of their huge data collections -- their customers' data -- any better than have other corporations? (Consider that just last month McDonald's and Walgreen reported break-ins to their customer data.)

I didn't like mainframes in the day, and I don't see how re-branding them  as "cloud computing" improves them.

(All that said ... if this post makes you rethink keeping your data in the cloud, also remember who is responsible for protecting your data: you. Make that: YOU. Up-to-date virus checkers, good computing hygiene, and regular backups -- including off-site copies -- are essential.)

1 comment:

Erik said...

Interesting read. You cannot overemphasize that data security is the responsibility of the user. That applies to protecting from data loss using backups, and protecting privacy using common sense.
I'm not concerned with the security of basic data (homework, calendar, etc.) and gladly store it in the cloud. More sensitive data probably shouldn't be stored in the cloud (banking information, the latest draft of Betrayer).