Spotlight

Time to Push the Cloud

John Walz, AT&T/Lucent Technologies (Retired) David Alan Grier, George Washington University loud computing is at a controversial point in its development. Weve had 10 years of experience with software as a service (SaaS), but we still dont quite see where its going. Is it just for small businesses? Does it have any use for the individual? Do we make ourselves vulnerable by committing our data to a vendor over which we have no control? As the field develops, the cloud will play an important role in the future of IT. Cloud computing thus deserves our attention, and we should put forth our best effort to develop related technologies, including SaaS. Cloud computing has the potential of providing cutting edge computing services for all customers, no matter how big or how small. If done properly, it will make our data more secure and more portable rather than more vulnerable.

gov/groups/SNS/cloud-computing/ forum-workshop_may2010.html). NIST has defined cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.1 In general, cloud computing has five distinguishable characteristics: on-demand self service, ubiquitous network access, metered use, elasticity, and resource pooling. In addition, its usually done on a massive scale with a homogeneity of equipment or software. It relies heavily on virtualization, resilient computing, and low-cost or open source software, and its usually geographically dispersed and focused more on services than systems. Finally, because it involves shared resources, it demands advanced security technology. Cloud computing is a very flexible concept that that includes three major service modelsthe most well known being SaaS,

The Cloud Computing Model

A recent one-day seminar on cloud computing, held by the National Institute of Standards and Technology (NIST), presented both the promise and challenges of this field (see http://csrc.nist.
14

which includes Web services such as Yahoo Flickr, Google Docs, and Microsoft website designer. These Web services perform functions traditionally done with software installed on an individual computer. The second service module is platform as a service (PaaS). This model provides computing services as websitessuch as mashups or the APIs of Google Mapsas well as file storage systemssuch as Dropbox or box.net. The final service model is infrastructure as a service (IaaS). It includes business-to-business (B2B) services that are usually invisible to customers. The first service to reach the market was Amazon Elastic Compute Cloud (EC2), which was operational in March 2006 (see http://en.citizendium.org/wiki/ Amazon_Elastic_Compute_Cloud). At the moment, the cloud computing industry has no standard business model. Instead, companies are experimenting with four different ideasprivate, cooperative, public, and hybridwhich we can illustrate through a comparison with laundry. In the private model, you own your own washing machine and do your own laundry. In the

IT Pro September/October 2010

Published by the IEEE Computer Society

1520-9202/10/$26.00 2010 IEEE

Personal Cloud Experiences

s a software engineer and manager for AT&T/ Lucent Technologies for over 20 years, I worked on dozens of projects involving cloud computing technologies. Many issues were quite comical, though all have had serious repercussions for both the client and cloud provider. Though clouds promise uninterrupted service, Ive seen services denied to a large grocery chain when a backhoe cut a single fiber optic cable controlling all cash registers, closing the entire chain for a day. The cut cable recurred twice more in 18 months, causing substantial embarrassment and financial loss to the client. The scalability of services took on a new meaning when one organization moved its data processing to

a new cloud provided on the East Coast. A mistake in the software caused each virtual processor in the system to email multiple calendar alerts to clients, which filled the email boxes of all concerned. In this era when one bank can quickly acquire another, Ive seen case after case where the purchasing bank couldnt convert account histories from the system of the bank that has just been acquired. Clouds can easily go offline without notifying the organizations that need their services. My Web provider regularly disconnects from the net without warning, and I have no way of learning when its operational again without testing the site.  John Walz

cooperative model, you take your clothes to a laundromat and use the shared machines. In the public model, you take your clothes to the cleaners and let the staff do your laundry. Finally, in the hybrid model, you take your delicate clothes to the cleaners but do the rest at home. All four of these forms suggest parallel forms of cloud computing.

The Benefits and Perceived Risks

In its brief existence, cloud computing has become far more common than most people appreciate. Many individuals have experience with SaaS by doing such things as using network browsers to check emails accounts. Its now common to have a PaaS experience using a browser to build a website instead by buying an application for your computer. Finally, many companies have used IaaS, by moving from corporate data centers to cloud computing providers. Cloud computing reduces complexity, making it easier to scale systems and actually improving the portability of data. For many companies, it radically reduces capital requirements by letting companies purchase only the amount of computing services

needed. As computing becomes a utility like electricity, water, and gas, cloud providers will be able to seamlessly manage your startup, increased demand, or shut down without incident, delay, or additional charges. However, without question, the biggest perceived problems with cloud computing are the risks associated with privacy and security.2 According to a recent NIST report, Security and data privacy concerns are the two critical barriers to adopting cloud computing3 Alan Murphy, manager of virtualization and security at F5 Networks, points out that benefiting from the cloud requires trusting the providers for certain things:
I have to modify my level of trust, and apply new and stronger safeguards to the rest of my workflow processes (personal and professional) to make sure Im able to recover if/when there is a massive breach thats beyond my control. My recovery is something I can control, and I definitely trust myself.4

exercising their due diligence by reviewing the vendors continuity of operations, or getting agreements on confidentiality and information assurance. As the cloud is always changing, the relevant logs might not be available or could be difficult to cross reference. Finally, when cloud systems have trouble, clients have no way to reboot or reformat a cloud.5 Ultimately, well have to solve these concerns so that users will, as Greg Papadopoulos has suggested, trust service providers with their data like they trust banks with their money. Fortunately, most researchers believe well be able to address the security and privacy concerns technically. As NIST researchers Peter Mell and Tim Grance note, Clouds are massively complex systems [that] can be reduced to simple primitives that are replicated thousands of times and [that are] common functional units. Cloud security is a tractable problem3

Addressing the Challenges

One of us ( John Walz) has worked on numerous cloud computing projects over the last 20 years and has seen firsthand both the benefits and problems (see the Personal Cloud Experiences sidebar).

Some of the concerns about privacy and security are well founded. Buyers of cloud computing services might have difficulties

computer.org/ ITPro 

15

Spotlight
His experiences point to three kinds of problems commonly found in cloud computing. The problems are attached to each of the three modes: SaaS limits your ability to move data from one vendor to another and often prevents the kind of data sharing that was easy on a single computer with its own software. PaaS restricts your ability to save data in a portable format and can easily lock you into a single set of services with a single vendor. magazines. If every element of our society devoted a year to advancing cloud computing standards, we could solve many of the technical problems in the cloud, draw attention to the managerial issues, and promote this form of technology by showing, in a very public way, how a team of skilled professions works to solve problems. The starting point should be the Fourth IEEE International Conference on Cloud Computing (Cloud 2011), which will be held in July 2011. However, thats only the first step. We should connect the efforts of that conference potential to solve data-related problems. A unified approach to standard making is a task worthy of the Computer Society. Its something that we can doand do well. Its time, and the work is ours.

References
1. P. Mell and T. Grance, NIST Definition of Cloud Computing v15, Natl Inst. Standards and Technology, Oct. 2009; http://csrc.nist. gov/groups/SNS/cloud-computing/ cloud-def-v15.doc. 2. F. Gens, ICD on the Cloud, blog, 23 Sept. 2008, http://blogs.idc.com/ ie/?p=189. 3. P. Mell and T. Grance, Effectively and Securely Using the Cloud Computing Paradigm, Natl Inst. Standards and Technology, Oct. 2009. 4. A. Murphy, Cloud Computing: A New Level of Trust, The Virtual Data Center, blog, 6 Jan. 2009; http://thevirtualdc.com/?p=134. 5. M. Jensen et al., On Technical Security Issues in Cloud Computing, Proc. IEEE Intl Conf. Cloud Computing, IEEE CS Press, 2009, pp. 109116. 6. V. Kundra, Standards to Foster Innovation, 20 May 2010; http://csrc. nist.gov/groups/SNS/cloud-computing/ documents/forumworkshop-may2010/ nist_cloud_computing_forum-kundra. pdf.

Cloud computing is a transformative technology with significant potential to solve data-related problems.
IaaS has obvious security problems that occur when your data leaves the cloud of your primary vendor. We need to solve these problems before cloud computing becomes the dominant form of IT, and the IEEE Computer Society can help. Improving cloud computing will require the construction of standards. Standards build trust, improve the quality of service, and promote best practices. We need standards for data exchange, interoperability, and security. As a professional society and long-term creator of standards, the Computer Society is in a unique position to develop and advance standards. We helped create the basic standards in the field; now we need to finish the job. The standards board and committee create the standards, but thats only the last step of the job. The basic ideas for standards are created by our members, debated in conferences, clarified in transactions, and explained in
16

with the work of other technical meetings. A multiple Twitter feed or a parallel set of blogs could bring these ideas to our global membership. To move the ideas to the next step, we could encourage our transactions to publish special issues based on the best papers in conferences such as Cloud 2011 and Cluster, Cloud, and Grid Computing (CCGrid 2011). Also, similar to this special issue of IT Pro, other magazines could devote issues to the problems and, through the Web, circulate the articles from those magazines to our members in a new tech set. Finally, we could form a standards roadmap committee, tasked with identifying the 10 top issues cloud computing must address to reach its full potential.

John Walz is a retired staff member of AT&T/Lucent Technologies, where he worked as a researcher on software engineering problems. Contact him at j.walz@computer.org; http://johnwalz.com. David Alan Grier is an associate professor of international science and technology policy at the George Washington University. He writes The Known World for Computer and blogs at www.computer.org/theknownworld. Contact him at grier@computer.org.
Selected CS articles and columns are available for free at

he Computer Society has rarely acted in a unified fashionit usually relies on the work of individuals. But cloud computing is a transformative technology with significant

http://ComputingNow.computer.org.

IT Pro September/October 2010