The buzzword du-jour in the current economic crash of 2008 is “Cloud Computing”.
There are several interesting question around cloud computing – why now, how are people building it, what are people doing with it and what about security.
1) Why now?
Back in 2001 after the dot com crash, On-demand / SaaS started picking up. My personal explanation is that a) there were a lot of programmers and entrepeneurs out of work, looking for new things to do and b) an oversupply of bandwidth and server capacity on the Internet and c) a lot of VCs looking for the next big thing. The sales guys try to pitch an economic reason for on-demand: businesses not having the money to buy large enterprise software systems in a down-market. Since Salesforce.com is not keeping up with the profitability of year-on-year growth of Oracle Applications and SAP – I don’t buy it. At $50/seat for Salesforce.com – if I have 100 people, it’s $5000/month or $60,000/year which is 10x more than I would pay for a free open source instance of SugarCRM or TigerCRM running on a dedicated server at rackspace.com. If SaaS is not an economically sustainable business model for service providers, it will not sustain for end user customers either long term.
2) How are people building cloud computing services?
The drivers and emotions are similar (just like in 2001, cloud computing vendors are hyping the economic crash as a reason to buy their wares). In 2008, we have additional drivers – server virtualization and improved cluster management.
3) What can you do with it?
Thanks to free open source – it’s pretty easy to install, use, customize and develop Web applications in the cloud. Unlike 2001, there are now a lot of very good free open source line of business applications that run on shared infrastructure that are all based on PHP, MySQL, Postgresql, Python etc. Note that you cannot take J2EE or .NET applications and run them on dreamhost.com, slicehost.com, Amazon or Google App Engine.
Extending the cloud on the net. One of the coolest things happening right now, I think is sharing, correlating and interacting between local Web application instances and public Web services. There are of course tons of examples – like blogs and RSS Feeds but it’s beginning to get interesting with applications like SugarCRM tapping into services like Jigsaw (which is a professional sales lead network). The idea is that you can run SugarCRM on your local server instance and tap into a big professional network like JigSaw.
4) Security in the cloud
Predictably this is a hot issue – (I just googled for “Security in cloud computing” and got 14.9 million hits) starting with Cloud security.org. There is understandably a lot of concern for security of data in a computing resource that is outside your organizational network and concern for availability of the service. This area deserves a lot more than a 30,000 foot answer, but I would try and break this down into three areas – confidentiality, integrity and availability
- Confidentiality – Data security in the cloud is, based on my personal experience, arguably better than in an IT enterprise network. The people that run a cloud utility at Amazon, Google App engine, slicehost or Mosso – do this for a living and definitely have more expertise than 99% of IT departments in the world. Not having the servers on your network means that malicious insiders or outsiders do not have an easily accessible target. From a security perspective – the attack surface is smaller but the threats are totally the same.
- Integrity - Data integrity has more to do with software implementation bugs or basic design flaws then with the availability of the cloud computing utility. We will still need good software security design, implementation and excellent security assessment.
- Availability - This is an area where Amazon EC2 and Google App Engine took hits a few months ago but I believe that by comparison – the reliability and availability of a services like EC2, Google App Engine and Mosso are better than electrical utilities or cell phone networks which serve billions of users. So – IMHO – the future for high availability in the cloud is rosy.