The topic of cloud computing is very hot these days. The advances in hardware, software and networking technologies have made the dream of computing as a utility service for cost-conscious companies or ordinary individuals a reality. Under this new paradigm, it’s possible to rent by the hour to take advantage of cloud computing. The public cloud simultaneously solves three resource bottlenecks . First, we can use it as a poor-man’s supercomputer if we want to do compute-intensive jobs. Second, we can use it to process large amounts of data that traditional file systems just cannot tackle. Third, we can also use some software as a service (SaaS) without huge ownership cost. Best of all, we can use it at any time. We don’t have to worry about the initial set-up cost for the hardware or software to handle the peak demand which is hard to estimate. This is indeed the dream come true for many companies and individuals.
But there are some potential issues we have to resolve before we can jump onto the bandwagon of public cloud computing.
- Moving data between service providers. Currently APIs for cloud computing are mainly proprietary, making it difficult to move data if we want to switch service providers. In addition, the data transfer cost through the Internet may be very costly. So before there is a standard API for different public cloud providers, you want to make sure you pick the right provider with a good reputation and ability to scale.
- Data privacy and integrity. Since public cloud computing is available to anybody, it means that it is also available to the bad guys. This could lead to security vulnerabilities. The criminals may use the power of the cloud to do crytanalysis to break the encrypted sensitive data stored in the cloud. In a public cloud, there are more users than the tightly controlled super-computer environment. The risk of a security breach is much higher. So there must be strict rules to limit the access of each individual user and strong enforcement of password policies. In a public cloud environment, the data may be stored in different locations, or even different countries. How do you ensure that the private data remains confidential?
- Service availability. When we put our lifeline on the cloud, we just cannot live without it. What happens if it goes offline due to hardware or software failures or due to distributed denial of service (DDoS) attacks? Although each cloud provider claims their service is reliable, each one suffers service outages. For example, Google suffered a Gmail service breakdown in Europe last February. Can you build your own service by using multiple cloud providers?
Even with these known issues, public cloud service is still a good option for many companies, as long as we take careful measures to mitigate possible drawbacks. For example, we can:
- Ask providers about their service availability warranties and penalties as well as their record of availability.
- Check each provider’s long-term viability and the proximity of its data centers to reduce data transport costs.
- Obtain regular security and privacy audits of the cloud provider from third parties.
- Define the national boundary for data storage so that the data cannot go beyond each country’s jurisdiction.
- Find out how the provider can satisfy our security requirements. For example, put us in a trusted virtual cloud that isolates us from all the other users.
- Use strong encryption methods to protect highly sensitive data.
Public cloud providers can also do more to reduce the concerns of their customers. For example, the cloud provider can:
- Design a strict usage agreement to prevent the user from using the cloud to perform malicious activities such as cryptanalysis or DDoS attacks and set up monitoring capabilities to detect such abuse .
- Enforce strict policies on passwords and access privileges.
- Work together with other cloud providers on the standard API to make data movement seamless.
- Implement tighter security mechanisms such as Trusted Virtual Data Center to enforce customer isolation.
The economics of scale put public cloud computing in a clear advantage. The service providers can statistically multiplex the computer hardware (CPU, memory, hard disks) and network bandwidth to reduce the cost incurred by idle time while maintaining high reliability. This can be achieved with the optimization and machine learning technologies. Individual companies may not have such advantage. So with thoughtful practices by the cloud customers and continuous enhancement by the cloud providers, we believe that the days of public cloud computing available as a utility service like electricity will be ubiquitous very soon.