Storm Cloud Coming

I must admit to meeting Google‘s announcement regarding development of the Chrome OS with a mixed bag of emotions. On the one hand, I will admit to being impressed with Google’s attempts to challenge and dethrone Microsoft as the primary PC operating system, and its co-operation with and utilization of the open source community and Linux in the development of this new operating system. However, on the other hand, I am extremely apprehensive about this whole movement toward cloud computing that seems to form the basis of the Chrome OS and much of the development buzz of the last few years. In fact, after giving the whole thing some deep thought over the last few days, I am rather wary of this type of cloud dependant computing and agree with Richard Stallman‘s assessment that its “worse than stupidity…” [1] for a variety of reasons which I will try to explain a little further.

Admittedly, Google can be excused for being a staunch proponent for cloud computing as it is now and has always been a web based company. The vast majority of its applications and technologies have been web based and Google Apps is one of the more popular cloud based applications in existence today. As a matter of fact, it makes complete sense that Google would want to develop a platform to integrate with its Chrome browser and myriad of web applications.  It is also understandable that Google would want use its expertise in web development and Linux platforms to take its company into the future of cloud computing and move to capture this market before Microsoft has the opportunity to work its way in. However, even though Google can be used as a shining example of cloud computing for the masses, and some of their applications are a strong display of the advantages of cloud computing (lowered financial overhead, less administrative headaches, no versioning incompatibilities, ect) they have also provided many examples of the potential short falls inherent in the cloud computing environment, problems that continue to pop up even as development on their new operating system begins.

One of the major issues that myself and others far more relevant than myself have pointed out is the severe threat to reliability posed by the cloud environment. While the outsourcing of labours and responsibilities can be a big selling point, especially in terms of administration, it is also one the greatest draw backs when faced with application and Internet outages. Google has been one of the most publicly visible of the cloud providers to face some very serious outages, the most recent being the six hour outage of the Google App Engine on July 2nd [2]. In a business environment, this can cause some very serious financial shortfalls and peripheral losses even after one hour, and anyone in a position that is deadline dependant knows how disastrous a six hour outage can be. It is not so reassuring to see the haphazard apology offered in response to the problem,

“The team identified and fixed the underlying problem that caused the outage and service has now been restored to all applications. We apologize for the inconvenience and encourage anyone having technical difficulty to visit the System Status Dashboard or the Downtime Notify Group, which are both linked from the Google App Engine Community site.“[3]

Another area that poses problems for cloud computing is the security of the data saved on the provider’s servers and transmission of that data to and from those servers. This is a very real problem faced by any data on the Internet especially when you need to rely on an outside source to protect it. While it can be reassuring to simply assume that your documents are safe in the protection of a very large Internet company such as Google, there are no shortage of ways to intercept data in transmission and for every advancement in data protection there is an equal advancement in ways to steal or decrypt it. Any cloud user must have complete confidence in the provider of their services and their ability to protect their data.  Google has been called out on numerous occasions for its lack of security in its hugely popular Gmail application, even as recently as June 19th of this year.[4] This most recent complaint concerns the neglect on Google’s part to use the more secure version of the HTTP protocol to protect its users. Again, there is a fundamental lacking in the viability and safe implementation of the cloud environment. Anyone who has maintained a network can attest to the headaches of ensuring the security and integrity of the data on their network, but at least it is within your power to oversee and maintain whatever measures are necessary and know when they have been compromised.

In the world today, there are some other issues related to the international nature of the Internet and the effect that it can have on your corporate and personal privacy. There is a tendency to imagine the Internet as some kind of ethereal and almost transcendent thing that lacks any physical being. Unfortunately, this is not the reality of the web, in that there are very real servers in various countries around the world that may be used to store your data and applications in a cloud computing environment. Your cloud may not exist in your own country, but one with very different laws governing the information of the servers within their borders. As a citizen from another country, you have may have no recourse in any actions that maybe taken with your data. For example, as a Canadian, it has come to my attention on a number of occasions that my government does not allow public sector IT projects to use US based hosting services.  This is a direct result of the implications of the Patriot Act which allows various US agencies access to the data stored on US servers, even if it is the private data of a sovereign foreign state.[5] We might also wish to consider what may happen if your host’s services exist in a fundamentalist state with little or no regard for the protection of data or a users’ privacy. One might even loose access to their data overnight in some state crack down or other similar scenario. Whenever you store data in a country other than your own, one where you have no vote, no real recourse, there are a myriad of issue that may arise that could adversely affect your data, your privacy and possibly your personal safety.

The final area that I would like to consider, although there are many many more to explore, are the consequences of a sudden denial of service on the part of your cloud provider. There are a number of reasons that this can occur such as payment problems, violations of the Terms of Service (TOS), and contractual disagreements. Whatever the reason for a denial of service, the decision rests solely with the service provider and even if done without good reason, the potential for a loss of data and the denial of access to documents, email, financials and the like can have disastrous consequences for individuals and business alike. The time required to settle any such disagreements, no matter how long it may take, can be lengthy and painful for anyone caught in this circumstance. Most of the existing TOS’s that I have seen, currently state that the provider reserves the right to cut service and deny access to the user and their information at any time without warning. I would assume that this is a lawful action, especially when it comes to lack of payment or a violation of the TOS, but it is no less painful for a user or business.  There have already been some rather seedy examples of mistaken  denials of service toward innocent individuals without any warning that cut them off from their accounts, their applications and all of their data including private emails[6]  In the age of the computer as Personal Information Manager (PIM), such a denial can and has been stressful at the least and universally damaging if access to the material was not restored.

So, while there are many benefits to the cloud model of computing, there are also some very real problems that need to be addressed for the technology to be safe and reliable as it progresses into the future. For every positive, there still exists some very real and possibly disastrous negatives that all seem to orbit around the loss of control over your personal data and intellectual labours. Not surprising since this is one of the major issues presented by the Internet and most of its related technologies anyway.  Considering this, however, outsourcing the storage and control of your data only serves to increase the security and privacy threats posed to it.  And while these dangers are concern enough for anyone wishing to maintain control over their own personal data and intellectual labours, there have been some very important concerns raised over the present and theoretical pricing models for cloud computing which are also extremely disconcerting.  However, at the end of the day, having worked with applications such as Salesforce myself and having seen the havoc that outages and data tampering can create, having followed some the more public failures and shortcomings of the current cloud applications, and having followed some of the debates about the viability and value of cloud computing into the future, I am very wary of the potential threats posed to the ownership and security of our personal data if left to float in the clouds.
___________________________________________________________

Notes:

[1] Bobbie Johnson, (2008-06-29), “Cloud Computing is a Trap, Warns GNU Founder Richard Stallman,” The Guardian, http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman, (accessed July 11, 2009)

[2][3] Tom Krazit, (2009-07-02), “Google App Engine misfires,” CNET News, http://news.cnet.com/8301-17939_109-10278537-2.html, (accessed July 11, 2009)

[4] BBC Writers, (2009-06-19), “Google tackled on e-mail security,” BBC News – Technology, http://news.bbc.co.uk/2/hi/technology/8107556.stm, (accessed July 11, 2009)

[5] Bill Thompson, (2008-05-27), ” Storm warning for cloud computing,” BBC News – Technology, http://news.bbc.co.uk/2/hi/technology/7421099.stm, (accessed July 11, 2009)

[6] Chris Brogan, (2008-08-05), “When Google Owns You,” http://www.chrisbrogan.com/when-google-owns-you/, (accessed July 11, 2009)