Cloudy thinking
Aug. 8th, 2015 07:03 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
blatherskiteUnless you’ve been living in an unusually arid desert the past few years, you’ve undoubtedly heard of cloud computing—or, more simply, “The Cloud”. But what exactly is The Cloud? It’s a nebulous concept, and that makes it hard to pin down precisely what it means. The variety of interpretations doesn’t help. So in this article, I’ll attempt to de-mistify the concept so you can think a bit more clearly about how it works and how you can use it safely.
The original notion behind the cloud metaphor was that traditional computing was like a pot of water: everything was all together in one place, with all the limitations that this entailed, including the risk of losing all the water if someone knocked the pot off the stove. But imagine, The Cloud’s inventors proposed, if that water were more like the Internet: if you turn up the heat until the water boils, you get a cloud of steam—a bunch of dispersed droplets of water, that nonetheless function as if they were a single entity. At least, they do until a strong wind comes along and disperses them and they can no longer function as a single thing. That’s implicit in the metaphor, and we’ll come back to it presently.
In more technical terms, The Cloud represents a widespread collection of computing assets that function together as if they were a single thing. Those assets may be computers and other hardware, software, data, or some combination of these categories of things. The individual components can also cover for each other, so that if one is lost or damaged, the others continue to function as if nothing happened. A primary advantage of cloud computing is that it’s multiply redundant: if one part fails, then other parts will take over and unless you’re responsible for administering that part of The Cloud, you’ll ideally never know anything happened. In this sense, it’s like the old notion of a redundant array of inexpensive (now, “independent”) disks (RAID).
When this approach works, it works very well indeed. The Internet itself is a great example of the overall principle, since it was designed right from the start to be a distributed entity so multiply redundant that it could survive a nuclear war by rerouting traffic around any pathways or nodes in the network that were eliminated. Though nobody’s tried to test the nuclear survivability of the Internet in a real-world trial, there have been many glitches that did their best to take the Internet or large parts of it down—usually as a result of human malice (e.g., denial of service attacks) or human incompetence (e.g., cutting a backbone cable that conveys the majority of a service provider’s service while digging a ditch).
Because of this power, cloud computing should be part of everyone’s strategy. For example, I use DropBox’s file storage service to automatically back up my data, so if the roof falls on my computer, my files will still be safe on the Dropbox servers*. There are many other advantages. For example, you gain access to a dedicated staff of hard-core geeks who take care of your part of The Cloud to ensure that it stays up and running and that your data remains safe. I take reasonable precautions with my computer and data, but I don’t tend to it 24/7. I’ve got better things to do with my days and nights. (So do the geeks, but they get paid for their 8-hour shifts doing this work.)
* If you don’t have a DropBox account, contact me by e-mail (ghart@videotron.ca) and I’ll send you an invite. The service is free, and accepting an invite gets you 256 Meg more storage than you’d get if you sign up on your own. Then you can invite all your friends and earn 256 Meg of additional storage for each one who accepts your invitation.
If The Cloud is so wonderful, why do I remain so intensely skeptical about it? In part, because of the hype it’s been attracting. All you hear about are the benefits, and nobody warns you of the drawbacks. In the rest of this article, I’ll provide some suggestions of what those drawbacks might be, how they can turn a nifty coherent cluster of interacting droplets into a batch of damp floor, and how to protect yourself from such problems.
The first thing to keep in mind is that The Cloud is still in its early days, particularly compared with the Internet as a whole. Thus, it’s still being refined and hasn’t yet reached the same mature state of reliability as the Internet. A related problem is that there is no one “The Cloud”; rather, it’s a large collection of related services, with some overlaps and many non-overlapping areas, and everyone seems to define and implement it at least slightly differently. This is why DropBox, for instance, retains remarkable availability and security. In contrast, Apple’s ongoing availability problems with its iCloud service are a good example of why this is problematic: if you can’t rely on a Cloud-based service... well, you can’t rely on it. Duh! It’s become something of a truism that it generally takes three tries to get a design right, and only the oldest cloud services are working on their third full iteration.
The subject of availability leads us to the important concept of a guarantee of service: a key service must be available when you need it, else it’s useless. This is particularly true when the cloud is used to provide software as a service, as in the case of Microsoft’s Office 365, which provides access to software such as Word via your Web browser. Microsoft has done this right in many ways: availability has thus far been pretty good, and if the service is down, you can keep working from a copy of Office installed on your computer. (If you're using their OneDrive service, you'll have access to all of your documents both via the online service and via your computer; they're kept in synch.) This is crucial for someone like me who spends five days a week earning their living using Word. The flip side is that if your computer dies, you can move to another device (another computer, but also increasingly a tablet like an iPad) and pick up where you left off. This is similar to the IMAP e-mail approach, in which your messages are stored on your service provider’s computers, but you can download a copy of the messages to deal with when you’re not connected to their computers.
Immaturity of the technology also means that security is an issue, and an increasingly important one. Like any version 1.0 or 2.0 product, The Cloud still has some holes. In the old pre-Cloud world, someone who wanted to break into your data only had one point of access: the one device that stored all of your data. With the cloud, your data may be stored across dozens or even hundreds of computers, each of which represents a point of failure. When a security problem is discovered, managers of a service typically “roll out” the fix on only a few computers initially to ensure that the fix isn’t worse than the original problem. Until they’re satisfied the fix works and they can install it safely on the other components of their part of The Cloud, the other parts remain vulnerable. This is particularly problematic because even though each implementation of The Cloud is somewhat different from all others, all implementations rely on certain shared protocols that let the different services work together. This can lead to widespread security problems when one of those shared protocols is compromised. Unfortunately, when you depend on a Cloud service, you also depend on its providers aggressively testing for such problems and responding rapidly when problems are revealed. When no one company is responsible for maintenance of something as important as one of the underlying protocols, it can take some time for problems to be detected and fixed.
The Cloud is a great idea, and I use it judiciously as part of my business and personal computing strategies. But I don’t uncritically accept the hype. To account for the problems, I protect anything important in several ways:
I maintain security on my own computer (good antivirus software). And I skim several newsletters to be sure I’ll learn when a serious security problem has been discovered so I can take appropriate countermeasures (e.g., not use a compromised service or insecure software until the problem is fixed).
I back up all my data offline (on DVDs), near-line (in a hard drive connected to my computer), and online (via DropBox). If any one source is compromised, my data is safe on the other sources.
For the few things that are so important I need additional security, I encrypt the data. If someone should break into (say) DropBox and gain access to my data, they’ll have to break the encryption before they can use the data.
I rely primarily on software on my own computer, but have an old backup computer I can switch to if the main computer dies. I’m looking into Office 365 and iPad-based editing, but haven’t yet made this an integral part of my strategy.
Distrust any cloud service that doesn’t let you take similar steps to protect yourself.
The original notion behind the cloud metaphor was that traditional computing was like a pot of water: everything was all together in one place, with all the limitations that this entailed, including the risk of losing all the water if someone knocked the pot off the stove. But imagine, The Cloud’s inventors proposed, if that water were more like the Internet: if you turn up the heat until the water boils, you get a cloud of steam—a bunch of dispersed droplets of water, that nonetheless function as if they were a single entity. At least, they do until a strong wind comes along and disperses them and they can no longer function as a single thing. That’s implicit in the metaphor, and we’ll come back to it presently.
In more technical terms, The Cloud represents a widespread collection of computing assets that function together as if they were a single thing. Those assets may be computers and other hardware, software, data, or some combination of these categories of things. The individual components can also cover for each other, so that if one is lost or damaged, the others continue to function as if nothing happened. A primary advantage of cloud computing is that it’s multiply redundant: if one part fails, then other parts will take over and unless you’re responsible for administering that part of The Cloud, you’ll ideally never know anything happened. In this sense, it’s like the old notion of a redundant array of inexpensive (now, “independent”) disks (RAID).
When this approach works, it works very well indeed. The Internet itself is a great example of the overall principle, since it was designed right from the start to be a distributed entity so multiply redundant that it could survive a nuclear war by rerouting traffic around any pathways or nodes in the network that were eliminated. Though nobody’s tried to test the nuclear survivability of the Internet in a real-world trial, there have been many glitches that did their best to take the Internet or large parts of it down—usually as a result of human malice (e.g., denial of service attacks) or human incompetence (e.g., cutting a backbone cable that conveys the majority of a service provider’s service while digging a ditch).
Because of this power, cloud computing should be part of everyone’s strategy. For example, I use DropBox’s file storage service to automatically back up my data, so if the roof falls on my computer, my files will still be safe on the Dropbox servers*. There are many other advantages. For example, you gain access to a dedicated staff of hard-core geeks who take care of your part of The Cloud to ensure that it stays up and running and that your data remains safe. I take reasonable precautions with my computer and data, but I don’t tend to it 24/7. I’ve got better things to do with my days and nights. (So do the geeks, but they get paid for their 8-hour shifts doing this work.)
* If you don’t have a DropBox account, contact me by e-mail (ghart@videotron.ca) and I’ll send you an invite. The service is free, and accepting an invite gets you 256 Meg more storage than you’d get if you sign up on your own. Then you can invite all your friends and earn 256 Meg of additional storage for each one who accepts your invitation.
If The Cloud is so wonderful, why do I remain so intensely skeptical about it? In part, because of the hype it’s been attracting. All you hear about are the benefits, and nobody warns you of the drawbacks. In the rest of this article, I’ll provide some suggestions of what those drawbacks might be, how they can turn a nifty coherent cluster of interacting droplets into a batch of damp floor, and how to protect yourself from such problems.
The first thing to keep in mind is that The Cloud is still in its early days, particularly compared with the Internet as a whole. Thus, it’s still being refined and hasn’t yet reached the same mature state of reliability as the Internet. A related problem is that there is no one “The Cloud”; rather, it’s a large collection of related services, with some overlaps and many non-overlapping areas, and everyone seems to define and implement it at least slightly differently. This is why DropBox, for instance, retains remarkable availability and security. In contrast, Apple’s ongoing availability problems with its iCloud service are a good example of why this is problematic: if you can’t rely on a Cloud-based service... well, you can’t rely on it. Duh! It’s become something of a truism that it generally takes three tries to get a design right, and only the oldest cloud services are working on their third full iteration.
The subject of availability leads us to the important concept of a guarantee of service: a key service must be available when you need it, else it’s useless. This is particularly true when the cloud is used to provide software as a service, as in the case of Microsoft’s Office 365, which provides access to software such as Word via your Web browser. Microsoft has done this right in many ways: availability has thus far been pretty good, and if the service is down, you can keep working from a copy of Office installed on your computer. (If you're using their OneDrive service, you'll have access to all of your documents both via the online service and via your computer; they're kept in synch.) This is crucial for someone like me who spends five days a week earning their living using Word. The flip side is that if your computer dies, you can move to another device (another computer, but also increasingly a tablet like an iPad) and pick up where you left off. This is similar to the IMAP e-mail approach, in which your messages are stored on your service provider’s computers, but you can download a copy of the messages to deal with when you’re not connected to their computers.
Immaturity of the technology also means that security is an issue, and an increasingly important one. Like any version 1.0 or 2.0 product, The Cloud still has some holes. In the old pre-Cloud world, someone who wanted to break into your data only had one point of access: the one device that stored all of your data. With the cloud, your data may be stored across dozens or even hundreds of computers, each of which represents a point of failure. When a security problem is discovered, managers of a service typically “roll out” the fix on only a few computers initially to ensure that the fix isn’t worse than the original problem. Until they’re satisfied the fix works and they can install it safely on the other components of their part of The Cloud, the other parts remain vulnerable. This is particularly problematic because even though each implementation of The Cloud is somewhat different from all others, all implementations rely on certain shared protocols that let the different services work together. This can lead to widespread security problems when one of those shared protocols is compromised. Unfortunately, when you depend on a Cloud service, you also depend on its providers aggressively testing for such problems and responding rapidly when problems are revealed. When no one company is responsible for maintenance of something as important as one of the underlying protocols, it can take some time for problems to be detected and fixed.
The Cloud is a great idea, and I use it judiciously as part of my business and personal computing strategies. But I don’t uncritically accept the hype. To account for the problems, I protect anything important in several ways:
Distrust any cloud service that doesn’t let you take similar steps to protect yourself.
More about cloud security
Date: 2015-08-10 11:41 am (UTC)Also several good points about other aspects of security.