Cloud Computing: Come Rain or Come Shine?

As Cloud Computing is becoming a clear alternative to traditional IT infrastructure (see a previous post), a lot of media attention has been raised regarding its security. Last week, The Economist in the article “Cloudy with a chance of rain” stated the resistance by many IT managers to adopt cloud computing based on security issues. As a matter of fact, in a recent survey by CIO Magazine, over a sample of 800 CIOs, 60% were thinking seriously about cloud computing, but only 8% had already committed themselves to implementing it.  A long the same line, a recent Forrester Research report points out that among the main reasons preventing companies from implementing cloud computing are security concerns (50%) and too immature technology (43%). No doubt, this perception is fueled with news like the breach of security announced last January by Google, when they stated that Gmail had been comprised by a malware attack originated in China.

Fundamentally, cloud computing changes the security boundary between the enterprise infrastructure and the rest of the world, a perimeter security traditionally provided by firewalls. By contrast in a cloud computing scenario, data from multiple companies can be stored and processed in the same physical server using server virtualization technology. This situation can be illustrated with the analogy of a cabinet containing files from numerous clients, all of them with some sort of access to the cabinet, as described in a recent CNN article “How Safe is Cloud Computing?”

In addition to that, cloud computing is also subject to restrictions and compliance with local privacy laws. For instance, the Data Protection Act of 95 of the European Union requires storing private data, that is to say personally identifiable data and financial records of citizens, within the bounds of the EU legal jurisdiction. Moreover, if a company chooses to store its data in an US-based cloud infrastructure, the US government reserves the right to seize and examine any of these data based on the USA PATRIOT act, designed to fight acts of terrorism. In other words, location has legal ramifications in the choice of a cloud computing provider.

However, cloud computing seems the natural evolution of computing , starting back from the mainframes in the 60s, through the minicomputers from the 70s, the PCs from the 80s, the client-server from the 90s to today’s data hosting solutions. From the three layers of cloud computing: SaaS, PaaS, and IaaS (see a previous post). The latter one, Infrastructure as a Service, provides on-demand capacity (storage, bandwidth, computing) to deploy almost any kind of application, with a pay-per-use model. Nevertheless, some applications are more suited for cloud computing than others, mainly those with fluctuating use of resources, where it makes more sense a pay-per-use model rather than investing in dedicated servers.

There is no doubt that security issues and legal issues will rapidly mature to turn cloud computing into a suitable architecture for many enterprise applications. Notwithstanding, some analysts say that cloud computing will be not a mainstream service until 2020. It is public knowledge to predict the future in technology is an impossible mission. Suffice it to say that only ten years ago, the tech bubble bursted. Although, NASDAQ Composite index never recovered its 5.000, some significant development have occurred since then. For instance in 2000, there were 360 million people on the web and today there are 1.6 billion; or from the 400 million people using mobile in 2000 to today’s 4.6 billion. Shall we wait 10 years to adopt widely cloud computing? Quoting Joseph Licklider, MIT computer and internet visionary, “people tend to overestimate what can be done in one year and to underestimate what can be done in five or ten years.” Come rain, or come shine.

 

About Javier Zamora

Javier Zamora is currently senior lecturer in the Department of Information Systems. He received his Ph.D. in Electrical Engineering from Columbia University, and his M.Sc. in Telecommunications Engineering from the Universitat Politècnica de Catalunya. He holds also a PDG from IESE.