Professional Documents
Culture Documents
gov/groups/SNS/cloud-computing/ forum-workshop_may2010.html). NIST has defined cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.1 In general, cloud computing has five distinguishable characteristics: on-demand self service, ubiquitous network access, metered use, elasticity, and resource pooling. In addition, its usually done on a massive scale with a homogeneity of equipment or software. It relies heavily on virtualization, resilient computing, and low-cost or open source software, and its usually geographically dispersed and focused more on services than systems. Finally, because it involves shared resources, it demands advanced security technology. Cloud computing is a very flexible concept that that includes three major service modelsthe most well known being SaaS,
which includes Web services such as Yahoo Flickr, Google Docs, and Microsoft website designer. These Web services perform functions traditionally done with software installed on an individual computer. The second service module is platform as a service (PaaS). This model provides computing services as websitessuch as mashups or the APIs of Google Mapsas well as file storage systemssuch as Dropbox or box.net. The final service model is infrastructure as a service (IaaS). It includes business-to-business (B2B) services that are usually invisible to customers. The first service to reach the market was Amazon Elastic Compute Cloud (EC2), which was operational in March 2006 (see http://en.citizendium.org/wiki/ Amazon_Elastic_Compute_Cloud). At the moment, the cloud computing industry has no standard business model. Instead, companies are experimenting with four different ideasprivate, cooperative, public, and hybridwhich we can illustrate through a comparison with laundry. In the private model, you own your own washing machine and do your own laundry. In the
a new cloud provided on the East Coast. A mistake in the software caused each virtual processor in the system to email multiple calendar alerts to clients, which filled the email boxes of all concerned. In this era when one bank can quickly acquire another, Ive seen case after case where the purchasing bank couldnt convert account histories from the system of the bank that has just been acquired. Clouds can easily go offline without notifying the organizations that need their services. My Web provider regularly disconnects from the net without warning, and I have no way of learning when its operational again without testing the site. John Walz
cooperative model, you take your clothes to a laundromat and use the shared machines. In the public model, you take your clothes to the cleaners and let the staff do your laundry. Finally, in the hybrid model, you take your delicate clothes to the cleaners but do the rest at home. All four of these forms suggest parallel forms of cloud computing.
needed. As computing becomes a utility like electricity, water, and gas, cloud providers will be able to seamlessly manage your startup, increased demand, or shut down without incident, delay, or additional charges. However, without question, the biggest perceived problems with cloud computing are the risks associated with privacy and security.2 According to a recent NIST report, Security and data privacy concerns are the two critical barriers to adopting cloud computing3 Alan Murphy, manager of virtualization and security at F5 Networks, points out that benefiting from the cloud requires trusting the providers for certain things:
I have to modify my level of trust, and apply new and stronger safeguards to the rest of my workflow processes (personal and professional) to make sure Im able to recover if/when there is a massive breach thats beyond my control. My recovery is something I can control, and I definitely trust myself.4
exercising their due diligence by reviewing the vendors continuity of operations, or getting agreements on confidentiality and information assurance. As the cloud is always changing, the relevant logs might not be available or could be difficult to cross reference. Finally, when cloud systems have trouble, clients have no way to reboot or reformat a cloud.5 Ultimately, well have to solve these concerns so that users will, as Greg Papadopoulos has suggested, trust service providers with their data like they trust banks with their money. Fortunately, most researchers believe well be able to address the security and privacy concerns technically. As NIST researchers Peter Mell and Tim Grance note, Clouds are massively complex systems [that] can be reduced to simple primitives that are replicated thousands of times and [that are] common functional units. Cloud security is a tractable problem3
Some of the concerns about privacy and security are well founded. Buyers of cloud computing services might have difficulties
computer.org/ ITPro
15
Spotlight
His experiences point to three kinds of problems commonly found in cloud computing. The problems are attached to each of the three modes: SaaS limits your ability to move data from one vendor to another and often prevents the kind of data sharing that was easy on a single computer with its own software. PaaS restricts your ability to save data in a portable format and can easily lock you into a single set of services with a single vendor. magazines. If every element of our society devoted a year to advancing cloud computing standards, we could solve many of the technical problems in the cloud, draw attention to the managerial issues, and promote this form of technology by showing, in a very public way, how a team of skilled professions works to solve problems. The starting point should be the Fourth IEEE International Conference on Cloud Computing (Cloud 2011), which will be held in July 2011. However, thats only the first step. We should connect the efforts of that conference potential to solve data-related problems. A unified approach to standard making is a task worthy of the Computer Society. Its something that we can doand do well. Its time, and the work is ours.
References
1. P. Mell and T. Grance, NIST Definition of Cloud Computing v15, Natl Inst. Standards and Technology, Oct. 2009; http://csrc.nist. gov/groups/SNS/cloud-computing/ cloud-def-v15.doc. 2. F. Gens, ICD on the Cloud, blog, 23 Sept. 2008, http://blogs.idc.com/ ie/?p=189. 3. P. Mell and T. Grance, Effectively and Securely Using the Cloud Computing Paradigm, Natl Inst. Standards and Technology, Oct. 2009. 4. A. Murphy, Cloud Computing: A New Level of Trust, The Virtual Data Center, blog, 6 Jan. 2009; http://thevirtualdc.com/?p=134. 5. M. Jensen et al., On Technical Security Issues in Cloud Computing, Proc. IEEE Intl Conf. Cloud Computing, IEEE CS Press, 2009, pp. 109116. 6. V. Kundra, Standards to Foster Innovation, 20 May 2010; http://csrc. nist.gov/groups/SNS/cloud-computing/ documents/forumworkshop-may2010/ nist_cloud_computing_forum-kundra. pdf.
Cloud computing is a transformative technology with significant potential to solve data-related problems.
IaaS has obvious security problems that occur when your data leaves the cloud of your primary vendor. We need to solve these problems before cloud computing becomes the dominant form of IT, and the IEEE Computer Society can help. Improving cloud computing will require the construction of standards. Standards build trust, improve the quality of service, and promote best practices. We need standards for data exchange, interoperability, and security. As a professional society and long-term creator of standards, the Computer Society is in a unique position to develop and advance standards. We helped create the basic standards in the field; now we need to finish the job. The standards board and committee create the standards, but thats only the last step of the job. The basic ideas for standards are created by our members, debated in conferences, clarified in transactions, and explained in
16
with the work of other technical meetings. A multiple Twitter feed or a parallel set of blogs could bring these ideas to our global membership. To move the ideas to the next step, we could encourage our transactions to publish special issues based on the best papers in conferences such as Cloud 2011 and Cluster, Cloud, and Grid Computing (CCGrid 2011). Also, similar to this special issue of IT Pro, other magazines could devote issues to the problems and, through the Web, circulate the articles from those magazines to our members in a new tech set. Finally, we could form a standards roadmap committee, tasked with identifying the 10 top issues cloud computing must address to reach its full potential.
John Walz is a retired staff member of AT&T/Lucent Technologies, where he worked as a researcher on software engineering problems. Contact him at j.walz@computer.org; http://johnwalz.com. David Alan Grier is an associate professor of international science and technology policy at the George Washington University. He writes The Known World for Computer and blogs at www.computer.org/theknownworld. Contact him at grier@computer.org.
Selected CS articles and columns are available for free at
he Computer Society has rarely acted in a unified fashionit usually relies on the work of individuals. But cloud computing is a transformative technology with significant
http://ComputingNow.computer.org.