January 7, 2009 9:56 PM PST

The biggest cloud-computing issue of 2009 is trust

by James Urquhart

In cloud computing lately, trust seems to be on everyone's mind.

Alan Murphy of the Virtual Data Center blog points to the dynamic nature of the cloud as a reason why there will need to be more "trust" between customers and vendors:

So moving forward, as the security people tear apart the (in)security of cloud computing, the rest of the world will just need to take that leap of trust. A lowering of our standards for what we can control in the cloud's outsourced data model.

As an end user, it kills me, but I know I have to make those sacrifices, if I want to use those services. So I have to modify my level of trust, and apply new and stronger safeguards to the rest of my work flow processes (personal and professional) to make sure I'm able to recover if/when there is a massive breach that's beyond my control.

My recovery is something I can control, and I definitely trust myself.

Chris Hoff of the blog Rational Survivability responds by pointing out that if more trust means less security, we've got a problem:

In simply closing our eyes, holding our breath, and accepting that in the name of utility, agility, flexibility, and economy, we're ignoring many of the lessons we've learned over the years, we are repeating the same mistakes and magically expecting (that) they will yield a different outcome.

A few months ago, I sat through a very cool "unsession" at the Cloud Summit Executive in San Jose, Calif., in which the conversation ranged across an incredibly broad range of cloud-related subjects. I wrote about that session not long after, but I was reminded of it again, after a conversation with Alan Cohen, in which he articulated his belief that what every enterprise wants from the cloud revolves around a single word.

Throughout the cloud summit session, that same word kept rising to the surface, time and time again: trust.

Trust is at the heart of the resistance that many enterprise customers have with the cloud. Take the cloud skepticism of SearchDataCenter.com's Chuck Goolsbee. Among many concerns he has with the cloud-computing model, he points to applications that must pass Payment Card Industry muster. PCI standards are thorough and intense, and Goolsbee doesn't think that the cloud is up to the task:

So can any of this be trusted to a cloud? I doubt it. A cloud is amorphous and indistinct. It is layer seven, abstracted from all the lower layers. You can't audit a cloud. It is virtual. Sure, we all know that it translates to a physical manifestation at some point, but can you touch it?

Can you audit, with absolute certainty, its file systems, logs, and physical access? Can you be absolutely certain that it is physically secure? Can you be absolutely certain that its virtualized file systems are not mingled on a physical disk with somebody else's data?

Absolute certainty is required for compliance. You can't find absolute certainty out there in a cloud, by definition.

Did you catch that first sentence? To Chuck, PCI in the cloud boils down to trust. Folks like Murphy and Hoff, who talk about cloud security, are obviously talking about trust. Those worried about data ownership are worried about trust--as in "I don't trust such a critical asset to anyone but my own company."

Those interested in "cloud sprawl" are worried about trust--as in "how can I trust that my employees aren't wasting my money or putting my data in harm's way?" CFOs worry about trusting that cloud bills will stick to some predictable budget over the course of a year.

But trust is being addressed in the cloud, as we speak. Rich Miller of Data Center Knowledge outlines a response to Goolsbee's PCI concerns, and he points to a very important post by Michael Dahn of the PCI Blog. Michael Sheehan at GoGrid responds to several of Goolsbee's other points.

I'm not saying that all trust issues (even all the ones Goolsbee outlines) are handled now, or will clearly be handled in the next year or two. Rather, I note that no enterprise seems eager to commit key applications to the cloud without security and control--both trust issues. Entrepreneurial opportunity abounds to solve trust issues.

One of the biggest contributors to trust solutions in the cloud will likely be your network service provider--both old-school carriers and new-wave mobile networks pushing into that market.

Imagine an explosion of new network services that build trust into your service, without the requirement to alter application or infrastructure architectures. Technologies that give the enterprise complete trust in the integrity of their cloud data and workloads. New business models that simplify federated cloud computing while increasing security.

Before anyone is willing to make a firm commitment to the cloud, they have to trust it. I understand that need. The good news is that most of the cloud market does too, and this market will survive based on its ability to gain it. You can bet that trust will be the focus of a lot of innovation in 2009.

James Urquhart is a seasoned field technologist with almost 20 years of experience in distributed systems development and deployment, focusing on service-oriented architectures, cloud computing, and virtualization. James is currently market manager for the Data Center 3.0 strategy at Cisco Systems, though the opinions expressed here are strictly his own. He is a member of the CNET Blog Network and is not an employee of CNET.
by randyb-gogrid January 7, 2009 10:19 PM PST
James, insightful as always. I think another way to create trust is through transparency. We need to see innovation not only in technology, but in methods, process, and business models. We're going to release some great stuff in this vein at GoGrid this month and I'm pretty excited about it. More soon.
by jamesurquhart January 8, 2009 3:48 PM PST
Absolutely. Transparency is one critical element of trust. Without feedback, there is no way of knowing the state of the assets you wish to control. Looking forward to hearing what GoGrid has to say.
by simonwardley January 8, 2009 5:47 AM PST
Good article, but oh no, I can't help myself ....

Back from my blog post in Aug 2007 (http://blog.gardeviance.org/2007/08/commoditisation-and-web-20-worth-part.html) - this hits the whole area of fungitility / patration or what you used to call software fluidity. We should both be shot for coming up with such awful terms.

Anyway, in discussing the "cloud" ...

"Low risk in this context would mean multiple providers of the same service which you can swap between, as opposed to the details [infrastructure architecture] of any one provider. To be able to swap between services you need not only standardised services but multiple providers and the freedom to move data, application or framework (depending upon which level of the stack you are talking about) between the providers.

In this context open source is a necessity to provide not only the base standards but also an operational means of implementing that standard. It is neither a tactic or a strategy.

However, open source (and in this context I mean GPLv3) is not sufficient, you also need some form of additional information to ensure the users of such services that they aren't being locked-in, or that this provider is really compatible with another or they can run their own installation should they wish to.

This can only be achieved through monitoring and the use of trademarking, by an authoritative group providing assurance to end users that this provider meets the standard, that any primitives have not been modified and that what you run with one provider will work on another."

Can trust be created ... yes, just not by the cloud providers or even associated network providers. You need independence for assurance.
by jamesurquhart January 8, 2009 3:51 PM PST
Simon,

Can you give me an example of a technology where this is the case today? I'm having trouble seeing how centralized control outwits an adaptive systems approach (where the market determines the standards and terminology that wins the day). Don't get me wrong...I think "impedance mismatch" and subsequent lock-in (intentional or accidental) is a big issue, but I'm not sure an independent authoritative group would work as well as corporate demand for interoperability.
by simonwardley January 9, 2009 3:25 AM PST
Hi James,

Well as you know IT is currently undergoing a shift from a product to a service based economy, so we don't have clear examples of this in our industry yet because we're going through a transition. To find examples you need to look outside the field.

Obviously this will need corporate demand for portability (and hence interoperability between providers) for all the reasons of second sourcing, competitive pressure, pricing competition and so forth. I covered this in my talk at cloud camp last year ("Gang up now before the *aaS cloud gets you").

But even with corporate demand, there remains an issue with standards: those standards will need to be policed (i.e. assurance given to end users that a provider is matching those standards).

For various reasons the standards will have to be open source operational code rather than specifications (including but not limited to reasons of speed of adoption, loss of strategic control by providers to a technology vendor and the need to ensure that standard covers the entirety of the services). Now with such standards any provider may make operational improvements to their implementation of a standard (without alteration of the primitives) and such service competition is ideal for a service based economy (it's also why GPLv3 is the perfect license for competition in the cloud and why AGPL is an abject failure for competition).

But even with an open source standard and competition on price vs QoS, you still need a mechanism to provide assurance to any end-user that a provider is still compliant to the standard, they are still providing a standardised service which you can move to and from.

If we ever want to get to a marketplace of providers with portability between providers rather than monopolistic situations then assurance services will become essential.

They don't have to create the standard but instead provide assurance that a service provider complies to a standard. A weak example of such assurance services would be the role of the FSA (UK) and the Stock Exchange in terms of providing and policing standardised financial instruments. (Before anyone starts quoting the current financial problems, that was mainly kicked off by OTC trades and we're not out of the woods on that yet).

So you need to start with corporate demand for portability (and hence interoperability of services) but such a goal will only be practically achieved if the standards are operational open source code rather than specifications, you have multiple providers of the standard and assurance services for compliance to the standard.

This is what I've been talking about since 2006, and with everything that has happened I still believe it is the only viable route.

The big question remains whether the cloud computing industry can create the marketplace on its own (under pressure from corporate demand) or whether the government will need to step in and regulate for all the reasons discussed in Jesse Robbins' post (see http://radar.oreilly.com/archives/2007/10/you-become-what-you-disrupt.html)
by BenjaminWright January 8, 2009 6:41 AM PST
Watch this issue: Will records in the cloud be easier for a legal adversary (like a prosecutor) to get via a search warrant or subpoena (http://hack-igations.blogspot.com/2008/02/collaboration-e-discovery-and-record.html)? --Ben
by kai6novice January 8, 2009 7:30 AM PST
If everyone has their own cloud, that would eliminate the "trust" issue, just like back then when a computer was shared by multiple users, and now we have the Personal Computer. The same thing will happen to the cloud, where the cloud platform is shared by multiple users, but in the future, everyone will host their own cloud server and that would eliminate the issue of trust. And after that, we will have the "sky" network which links all the cloud servers together, provides free maintenance and troubleshooting, and keeps all the clouds stable, so users won't need to worry about their cloud server.
by jamesurquhart January 8, 2009 3:56 PM PST
Hmmm. How do the economics of "personal" cloud servers work? How are they better than the economies of scale offered by large scale multi-tenant clouds?
by alainyap_morph January 9, 2009 2:44 AM PST
Regarding cloud computing at present, it is obvious that a vendor will never be able to satisfy user demands upfront and it will take a while, by bits and pieces, before a satisfactory valuation on the service can lead to reliance. After all, like any other business, pursuit of a working relationship is the goal but onus on hyped technologies because of the history of big failures (and also in part because of shrewd marketing strategies). Where's authentic customer feedback when you need it?

Anyway, something about 'trust': 'Trust is a measure of belief in the honesty, benevolence and competence of the other party. Based on the most recent research, a failure in trust may be forgiven more easily if it is interpreted as a failure of competence rather than a lack of benevolence or honesty.' [Wish it was mine but it's from Wiki]

Sounds web 2.0, huh..

Thanks for sharing, James!

Best.
Alain
by SteveCaughey January 12, 2009 1:33 AM PST
At the moment there's a clear difference of opinion amongst cloud aficionados on this subject of trust. The Web 2.0 optimists argue that informal trust is good enough. They'll say "I've rarely had a problem with EC2/FlexiScale/Mosso and when I do I just restart my app some time later. Oh, and I get some credits too when that happens". The business sceptics on the other hand say "How can I expect some third party to take the same care and attention over my critical applications that I do myself? How can I trust someone else not to lose, accidentally expose, or sell my confidential data?"

Trust is often treated in these cloud discussions as if it was a binary property. I either trust "the cloud" or I don't. But things aren't as simple in the real world. I might trust you, James, to look after my pint whilst I go to the restroom but not to look after my Porsche (if I had a Porsche, that is). Whereas I'd trust my colleague Barry with my Porsche but I wouldn't leave him alone for 5 minutes with my pint. Trust between two individuals / organisations is a function of their previous interactions.

In the business world (and in the pre-nuptial arrangements of the very wealthy) trust is codified in legal contracts and in the legal system that supports those contracts. So, when you ask me if I trust my bank to look after my money then I'd say ... (no, wait, that's a bad example). When you ask me if I trust my airline to deliver the seat I've booked then I'd say "yes, in the main". But if they don't, then I know that there is a contract in place and an audit trail and that there are laws that will result in my being compensated for their failure to deliver. This knowledge bolsters my trust and is ultimately what makes my business with the airline, indeed all business, possible.

I don't think we'll see broad take-up of cloud infrastructure until we can capture the contractual relationships between cloud customers and vendors (and incidentally I believe that in the cloud this distinction will become increasingly blurred). At Arjuna (www.arjuna.com) we think this can be done by allowing service requirements to be clearly defined and then by constructing service agreements (effectively contracts) between independent parties intended to support those service requirements. (Thomas Bittman of Gartner has recently blogged on how potentially complex some of the requirements might be - http://blogs.gartner.com/thomas_bittman/2009/01/08/virtual-cloud-privacy-is-gray/). These agreements need to be very dynamic in nature and to be sufficiently flexible so that they are capable of supporting everything from complex, tightly defined business relationships backed by legal documentation, to the very loose and non-contractual relationships. Once an agreement is in place both parties can then build their own audit trail recording their view of how they and the other party have performed. This knowledge can be used to inform further agreements i.e. build trust, and to help to settle (or avoid) disputes between the parties. Business requires contracts and, if it means business, then so does the cloud.

Incidentally, James, I too enjoyed Rueven's "unsession" in San Jose - my hat is off to him for sacrificing a marketing opportunity in exchange for moderating such a lively discussion.
by jamesurquhart January 14, 2009 4:45 PM PST
Stephen,

Thanks for the thoughtful comment. Funny enough, I just amended my description of "trust" in the cloud to include the following: security, control and service level management.

I'm right there with you, man.
by bookfly January 19, 2009 10:54 PM PST
good
by zetaeditorial January 22, 2009 9:59 AM PST
The level of data security is questionable, but accessing files and applications over the internet has the potential to change the way we work and play. Read our blog post about cloud computing: http://www.zeta.net/blog/2009/01/what-cloud-computing-means-for-you/