One of the computing trends I’ve been watching for a while is so-called “cloud computing” which is really just the latest name for a kind of distributed computing that has been around in nearly identical form for just under a decade and in not-too-different forms for at least twice that long. Heck, I was working on one of the keystones of cloud computing – globally distributed storage – back in 2000, so when I react to the current hype wave with terms like “clown computing” it’s hardly because I’m afraid of something new.
In Cloud Computing is Scary – But the FUD Has to Stop, Dan Morrill complains about the FUD supposedly being directed at cloud computing. Well, Dan, with any new (or even supposedly new) technology there will be hype-mongers at one end and FUD-slingers at the other, with most of the computing community in between. Those with a vested interest in promoting a technology tend to tar everyone less enthusiastic than themselves with the “FUD” brush, just as those with a vested interest in suppressing it tend to tar everyone more enthusiastic with the “hype” brush. In this case the fact is that there are a lot of people who can’t even define cloud computing making all sorts of grandiose and often blatantly false claims. Saying that cloud computing is inherently flawed, that it can never work, would be FUD; pointing out that the claims being made by or about specific vendors and products remain unproven, or that there are still problems to be addressed, is just healthy skepticism. By portraying that skepticism as FUD, you only put yourself further on the “hype” end of the spectrum.
It is long past time to continue with the same old tired refrain of “no” and move on to where business is going.
It is time to start embracing where business is going, and trying to make sure that they are doing it in the safest way possible.
Where business is going, eh? Got any evidence of that? No, of course not. That’s where you would like business to go, but that’s not at all the same thing. Such grandiose “this is the wave of the future so don’t miss it” rhetoric does very little to allay people’s legitimate concern that it’s really a wave of hype. You’d be better off presenting cloud computing as a still-to-be-embraced opportunity, not a fait accompli in the business world.
Business has taken to virtualization in a big way, which I think is misguided for a whole different set of reasons (I believe it’s better to build and deploy smaller servers which can be combined into larger complexes instead of larger ones which then have to be sliced up). There is some correspondence and synergy between virtualization and cloud computing, but I can’t recall any cloud computing proponents articulating that connection as a coherent and usable business strategy. Riding on virtualization’s coat-tails isn’t enough. Some day very soon, somebody in the cloud computing camp needs to do a better job of explaining their Grand Concept’s very own value proposition separate from virtualization.
There are very few information security experts in cloud computing.
What security professionals need to be doing rather than creating their own FUD is work out ways to make it safer.
There might be very few information-security experts in the inbred cabal of people who push the “cloud computing” brand in blogs and such, but there are plenty of people who have been working at the intersection of security and distributed computing for years. Do you think the people behind Amazon, or Allmydata.org Tahoe, or Mozy (across the street from the folks at RSA), or Iron Mountain, don’t have a few clues about this stuff? I know many of them, have worked with some, and I know you’d be dead wrong. Securing data across the net is a well-studied problem. So is securing computation across the net, though that’s not my own specialty. It doesn’t mean all the answers are known, but it’s just not true that such expertise is rare or rarely applied.
it is time for information security folks to step up to the plate and get smart on how the technology works.
The best bet right now for the security engineer is to work through the process, and get smart now so that management can benefit from what you have learned.
No, maybe it’s time for cloud computing folks to get smart on how security technology works. Don’t try to push the burden of fixing your problems onto another community, and especially don’t try to hint that they’re “not smart” as you do it. That’s no way to get the help you need. If you cloud computing folks are such great innovators, take some responsibility for learning what’s already out there and using it to innovate your own solutions. When you act as though you invented the greatest thing ever and everyone else needs to catch up, you come across just like teenagers who act like they invented music or sex and that’s just really annoying. Customers don’t like to deal with annoying vendors.
There’s nothing wrong with consciousness-raising but, especially in this economic environment, people are suspicious of evangelists whose promises are incommensurate with their ability to demonstrate real working product with real business value. If you don’t want to sour everyone on the whole idea of cloud computing or anything like it for the next ten years, dial down the marketing and dial up the technical progress.
UPDATE: The Onion says Recession-Plagued Nation Demands New Bubble To Invest In.
A panel of top business leaders testified before Congress about the worsening recession Monday, demanding the government provide Americans with a new irresponsible and largely illusory economic bubble in which to invest.
“Perhaps the new bubble could have something to do with watching movies on cell phones,” said investment banker Greg Carlisle of the New York firm Carlisle, Shaloe & Graves. “Or, say, medicine, or shipping. Or clouds.