The Pros and Cons of Cloud Computing
Ruairí Ó Murchú
Computer Science Department
Griffith College Dublin
Introduction:
2 research papers related to cloud computing were reviewed; one detailing a case for it and the other describing possible security problems affecting cloud computing:
- The Case for Cloud Computing by Robert L. Grossman (2009) – Professor of Mathematics, Statistics and Computer Science at the University of Illinois at Chicago and managing partner at Open Data Group.
Published by the IEEE Computer Society / IT Professional magazine.
- Cloud Computing – Overview of Information Assurance Concerns and Opportunities
Produced and published by the US National Security Agency’s Systems and Network Analysis Center (Version 1.02 18 December 2009)
An evidence based case was then made detailing the pros or the cons. In this instance the weaknesses of cloud computing are relayed.
Literature Review:
- The Case for Cloud Computing explains the basics of cloud computing [1]. It distinguishes between clouds “that provide computing instances on demand” [1]; e.g. Amazon’s EC2 services [3] and “those that provide computing capacity on demand” [1] e.g. Google’s MapReduce [4].
It then details the pros and some cons of cloud computing, but the direction of the paper is largely in support of what cloud computing offers us:
Cloud computing offers to the user computing scaled from the use of a single PC to the computing power of a data centre, having it made it a lot simpler to access and utilise the entire resources of the data centre[1].
“Elastic, usage-based pricing models”[1] means that the end user must only pay for the use of cloud computing resources, when they require and use them.[1] This can lead to serious monetary savings for a cloud computing client / user. There is no need to maintain a computing capacity that you might only require occasionally. “this is [truly] revolutionary”[1].
- Cloud Computing – Overview of Information Assurance Concerns and Opportunities opens with a detailed introduction into cloud computing, explaining the “Cloud Service Delivery Models” [2] and detailing a number of examples.
The main thrust of the paper is to give an outline of information assurance issues affecting cloud computing. This principally concentrates on security weakness and issues exclusive to cloud computing or heightened through the use of the technology [2]. The aim of the paper is to educate possible users, or those considering the technology, as to the security weaknesses and therefore problems with cloud computing [2]. This is by no means a document attacking cloud computing, but it does pose a number of serious weaknesses that cloud computing presents.
Conclusion:
The arguments made for cloud computing, though dealt with sparsely in part 1 of the Literature Review are nonetheless quite sturdy.
I believe it is necessary to be fully aware of the present weaknesses or threats that cloud computing technology faces so I will detail some of the pitfalls as detailed in the 2nd research paper, but also making reference to other sources:
All issues relate to Information / Data Assurance and the present levels of trust in the cloud computing technology.
· Integrity and confidentiality of data, in the case of many organisations is vital. A recent study has shown many CEOs and IT managers across the world do not yet trust the cloud computing paradigm over their own internal systems [5]. They fear both security threats and losing control of the data to systems they have no control over [5]. The greatest danger is from the access of a privileged user / administrator of the cloud provider would have. Cloud computing providers are presently making attempts to secure their systems from internal attack by restricting access to hardware services, ensuring rigorous accountability and auditing measures, reducing the members of staff who can gain access to data via the systems’ infrastructure [6]. Despite all this it is still a fact that those who administer these systems have the technical ability and opportunity to access customers’ Virtual Machines and therefore their data [6].
· Cloud Providers may use other providers to offer certain services. This could be termed as further stretching the “Trust Boundary” [2]. A fitting example of this being that Facebook applications employ Amazon Web Services for data storage and other ancillary services [7]. This leads to the user into the quagmire as regards how the laws in those countries where the data is eventually stored affect the security of that data[2]. Facebook discovered this with a finding against it in Canada in 2009 for breach of Canadian privacy laws [8, 9].
· There are questions that have to be taken into account as regards both data purging and data recovery. This is ensuring that data is permanently erased if necessary, or can be recovered in the case of a system fail / crash etc. These questions relate to the power of the user, being facilitated by the provider, to ensure these happen in a timely and proper way, with no loose ends [2]. Obviously a factor that has to be taken into account is whether data / operations are retrievable from a provider and transferable to another, or is it possible that the client / user will be left in the lurch if the company suddenly shuts down for financial reasons, or is under investigation etc. [2].
Cloud computing, is already in operation as Google Docs, Facebook etc and in many industrial guises. It offers simple scalability and computational solutions, which are revolutionary in their out-workings. It has weaknesses that must be addressed and attempts are being made in this direction. There are downsides, only a number of which are dealt with in this paper and maybe there will always be data that people prefer to keep under their control and won’t trust to a cloud. Information and understanding of these weaknesses offers people real decisions and in computing, like life, there are always trade-offs. Users / possible users of cloud computing need to weigh the pros vs. the cons of cloud computing and make determination which suits their situation, as regards themselves, their company or their organisation.
References:
[1] Robert L. Grossman, “The Case for Cloud Computing”, IEEE Computer Society, 2009.
[2] “Cloud Computing – Overview of Information Assurance Concerns and Opportunities” (Version 1.02), US National Security Agency’s Systems and Network Analysis Center, 18 December 2009
[3] “Amazon Elastic Compute Cloud (Amazon EC2)”, www.amazon.com/ec2, published by Amazon Web Services
[4] Jeffrey Dean and Sanjay Ghemawat, “MapReduce: Simplified Data Processing on Large Clusters”, published by Google Inc. (Research Publications) and appeared in OSDI’04: Sixth Symposium on Operating System Design and Implementation, San Francisco, CA, December, 2004.
[5] “Survey: Cloud Computing ‘No Hype’, But Fear of Security and Control Slowing Adoption”, 2009, http://www.circleid.com/posts/20090226_cloud_computing_hype_security/ – Article details Survey as conducted by Kelton Research
[6] Nuno Santos, Krishna P. Gummadi & Rodrigo Rodrigues, “Towards Trusted Cloud Computing”, The Max Planck Institute for Software Systems
[7] “Facebook and AWS”, http://aws.amazon.com/solutions/featured-partners/facebook/
[8] “Facebook Needs To Improve Privacy Practices, Investigation Finds.” A look at Facebook security as compared to Canadian privacy laws http://www.priv.gc.ca/media/nr-c/2009/nr-c_090716_e.cfm
[9] “Report of Findings into the complaint filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) against Facebook Inc. under the Personal Information Protection and Electronic Documents Act by Elizabeth Denham, Assistant Privacy Commissioner of Canada”, July 16, 2009
Presentation
vWvB#0qtam)r