
Cloud Computing; Good, Bad, Or Ugly?


49 replies to this topic

#21 TTK Ciar


Posted 11 July 2014 - 2138 PM

I'm not calibrated on licensing issues.  With the exception of Autonomy (with whom I was acquainted only briefly; they bought the company I was working for, and I BTFO soon after that) all of my employers since 1999 have used LAMP stacks with free/open-source software, unburdened by any licenses at all.
 

A friend is Director of Operations at a largish tech company, and he tells me that managing all their licenses is a major pain.  Sometimes he doesn't even know that some infrastructure is dependent on licensed software until the license expires and that infrastructure stops working.  There are companies whose only products are license management systems, so I'm guessing it can be a big deal that cloud providers alleviate license management concerns.  It really never occurred to me before, but seems like a good point.
 



#22 Ivanhoe


Posted 11 July 2014 - 2333 PM

A friend is Director of Operations at a largish tech company, and he tells me that managing all their licenses is a major pain.  Sometimes he doesn't even know that some infrastructure is dependent on licensed software until the license expires and that infrastructure stops working.  There are companies whose only products are license management systems, so I'm guessing it can be a big deal that cloud providers alleviate license management concerns.  It really never occurred to me before, but seems like a good point.
 

 

I don't think I've ever seen it described as such, but license management is really its own weird little job function. As an example of how painful it can be, VMware vSphere has changed their licensing model twice between 4.5 and 5.1. For a while they dallied with licensing both by socket and by vRAM, so refreshing your servers might mean unusable RAM until you sorted the license change. That licensing model was less than optimally received by the customer base, so they went back to socket count.



#23 Archie Pellagio


Posted 12 July 2014 - 0900 AM

Generally not a fan of the concept, it's just too nebulous.

I've only in the last two months got a decent size ADSL2 internet plan (200gb/month); before that I've always been reliant on 3G, and the costs (over $10/gb) make relying on the cloud prohibitive.

Things like Steam games and whatnot I've only just started downloading online only as well for same reason.

There are just too many places in the world, with too little internet infrastructure to make it reliable for me.
The cloud is great if you never leave your basement in Europe or America, but outside of those places, the internet is often expensive and unreliable.
One of the reasons I cracked the shits after buying Battlefield 3 in a bargain bin, go to install and it requires 9gb of patches. Nine freaking gigabytes!
So many Steam-based games are the same, always requiring updates of multiple gigabytes.

#24 Ssnake


Posted 12 July 2014 - 0912 AM

License management may be one of the cases where there's an actual benefit for companies. Then again, it's at the expense of heightened dependency on someone else. But that's quite normal as far as business decisions go, you always depend on someone, somehow. But it's rarely limited to license management, and the question really is and should be how critical the information is for the survival of the company that must inevitably be sent back and forth between the cloud provider and you.

 

Can you trust the cloud provider?

Can you trust his employees?

Can you trust the underlying public IT infrastructure?

Will the dependency on the cloud provider create a single point of failure for company operations?

Can the cloud infrastructure handle sustained DDoS attacks from a cyber mob?

What's the potential damage to the company - both in finances and reputation - if the cloud provider cannot protect the data, or cannot maintain the infrastructure?

 

Tight security can only be maintained for truly critical data, if at all. The more people are involved, the more people can (and will) screw up. IT security requires a security oriented mindset in the first place, and since that mindset is often detrimental to other, equally important processes it must be limited to what's absolutely necessary. There, however, half-assed solutions are worse than no solutions at all. IT security isn't free, never was, never will be. Willingness to hand over mission-critical infrastructure to some service provider requires desperation, or a huge leap of faith (which more often than not results in a broken nose after the fall). If it cannot be avoided (the "desperation case") have some contingency plan for a worst case scenario.

 

The worst case can have many different faces. It could be data duplication that goes completely unnoticed. That's a risk that you'll also have to take for complete in-house solutions, of course. The vast majority of IT attacks are insider jobs, after all. Having everything in a remote location (e.g. a data center near the arctic circle) certainly reduces the chances of disgruntled employees gaining physical access to it. Then again, you just have to trust that this data center under aurora borealis illumination actually is as secure as the cloud operator claims, that your data are really there and not elsewhere, that the data center actually exists (if you want to go full retard on paranoia), that there are no government mandated backdoors, and if they exist, that they are created in a way that only the government can use them (unlikely).

Then there's the case of data theft and blackmail.

Then there's the case of PII data falling into the hands of cybercriminals (identity theft, credit card fraud) which opens the door for litigation risk and damage to reputation.

 

A careful analysis will probably reveal more possible risks. Some of them can be diminished with cloud solutions, others may be increased, but in any case good risk management starts with a systematic analysis of what can go wrong, and contingency plans for how to react to it. The times where all vital corporate knowledge was stored in lever-arch file binders and Rolodexes are long over, yet some managers still haven't grasped the graveness of the situation (or are unwilling to actually deal with it).



#25 Ivanhoe


Posted 12 July 2014 - 0916 AM

There are just too many places in the world, with too little internet infrastructure to make it reliable for me.
The cloud is great if you never leave your basement in Europe or America, but outside of those places, the internet is often expensive and unreliable.

 

Depends on what you mean by "America". In lots of small towns and minor cities in the US and Canada, broadband can be limited. Some locales, the options are either DSL or cable modem, plus satellite. Fine for home use, but a small/medium sized business may just turn the lights off for the day if the network connection goes down. And those are the very businesses that would most benefit from cloud computing; the ability to outsource 90% of the IT infrastructure must be huge.



#26 Ivanhoe


Posted 12 July 2014 - 0952 AM

Having everything in a remote location (e.g. a data center near the arctic circle) certainly reduces the chances of disgruntled employees gaining physical access to it. Then again, you just have to trust that this data center under aurora borealis illumination actually is as secure as the cloud operator claims, that your data are really there and not elsewhere, that the data center actually exists ...

 

Somewhere I read an article that tickled me. It talked about cloud storage, and interactions with regulatory agencies. The gist was that when regulated data (such as financial transactions) were stored in cloud storage, due to capacity/latency management, regulators would have a hard time identifying the physical location of a particular database. Even if all required protections were in place, and all policies were followed to the letter, regulators were unhappy that they couldn't swoop in and seize drives at a moment's notice.



#27 rmgill


Posted 12 July 2014 - 1153 AM

Security in the cloud is a royal bitch. Visa certification for credit card transactions requires verifiable physical security of the drives that hold the data. Putting that in the cloud somewhere means that a smart staffer for that provider could figure out where cc numbers are stored, snag those drives and make a bunch of money. Security through obscurity is a really bad security model.

Most of the cloud providers, as far as I understand, generally don't secure the data. The thing that scares the bejesus out of me is someone diddling your data unbeknownst to you because your core content management system is out in the cloud or pulling from sources that are.

Edited by rmgill, 12 July 2014 - 1154 AM.


#28 Ivanhoe


Posted 12 July 2014 - 1458 PM

Most of the cloud providers, as far as I understand, generally don't secure the data. The thing that scares the bejesus out of me is someone diddling your data unbeknownst to you because your core content management system is out in the cloud or pulling from sources that are.

 

The quick answer is always going to be encryption of data at rest. But if you are using hosted storage, network, and compute, somebody else has 24/7 access to the cabling across which all authentication traffic flows. At some point, a black hat is going to sniff the passwords and have the ability to decrypt at leisure.



#29 Jeff


Posted 13 July 2014 - 1800 PM

I use Amazon Cloud for my pictures, it's great to take pics and video on my phone and have it upload automatically on WiFi so that I can view it on my PC and Kindle. It also works as an offsite backup to my external HD if the condo goes poof. I try not to think about all of the early digital photos I lost due to proprietary software or missing it on swapping to a new PC.



#30 Ssnake


Posted 13 July 2014 - 1857 PM

Private use is one thing, corporate use is quite another.



#31 Tony Evans


Posted 21 August 2014 - 2326 PM

Private use is one thing, corporate use is quite another.

 

But not in the way you think. A relative of mine used to be the manager of trust systems development at a major national bank. I asked her recently what she thought of cloud computing and she says she wishes it had been available 30 years ago.

 

Also, if you're running multiple sites, having a single data repository in the cloud could solve a lot of problems.

 

Are there issues? Certainly. But, for most purposes, they're the same issues you have if you're dependent on a centralized corporate data center. Most application users have been dependent on a cloud for decades now,



#32 Ssnake


Posted 23 August 2014 - 0215 AM

It totally depends on the individual case. All I'm saying is that there are possible conflicts with the law, depending on in which country you operate and what kind of data you store. Then there are the obvious issues of distributed data storage. On the upside, the ease of management for the end-user and in some cases also increased reliability with reduced cost.

 

But it's not "just the upside". It is only natural that Cloud providers emphasize the upside and downplay the risks, or inflate the costs associated with NOT using the cloud. The purpose of this thread is to be somewhat of a corrective to one-sided sales pitches. ;)



#33 Tony Evans


Posted 24 August 2014 - 1451 PM

It totally depends on the individual case. All I'm saying is that there are possible conflicts with the law, depending on in which country you operate and what kind of data you store. Then there are the obvious issues of distributed data storage. On the upside, the ease of management for the end-user and in some cases also increased reliability with reduced cost.

 

But it's not "just the upside". It is only natural that Cloud providers emphasize the upside and downplay the risks, or inflate the costs associated with NOT using the cloud. The purpose of this thread is to be somewhat of a corrective to one-sided sales pitches. ;)

 

The point I'm making is that the risks associated with the cloud are pretty much the same risks we've embraced ever since the widespread adoption of centralized data centers. From the point of view of the client, the data center was in what we would today call the "cloud". You were just as dependent on data center uptime and reliability, carrier reliability and security*, and the trustworthiness of every human involved in the process.

 

*For almost all users, even large corporate users, a "dedicated line" wasn't literally a sole user wire -- it was a service agreement regarding the availability and performance of telephone network services.



#34 Murph


Posted 29 August 2014 - 1628 PM

Me too.  I don't trust it at all. 

I use cloud to back up only my pictures off my iPhone

Otherwise I avoid it like the plague

I don't trust it



#35 Harold Jones


Posted 02 September 2014 - 0844 AM

Surprised something of this magnitude hasn't happened earlier.  http://www.washingto...pm_national_pop  



#36 Mike Steele


Posted 02 September 2014 - 1013 AM

Well this is encouraging...

http://www.welivesec...oid-security-2/



#37 Murph


Posted 05 September 2014 - 1319 PM

Yeah, the Sheriff's Office phones were blowing up about this yesterday.  I am still astonished that anyone with an IQ over 20 believes that cloud computing is secure, much less for photos that should not get out to the public (although some nymphet starlets probably doth protest too much...). 

Well this is encouraging...

http://www.welivesec...oid-security-2/



#38 Tony Evans


Posted 07 September 2014 - 1327 PM

Willingness to hand over mission-critical infrastructure to some service provider requires desperation...

 

Nonsense. The minute we started handing over computing to corporate data centers at remote sites, we embraced all, or nearly all, of the risks you enumerate. Even today, your own proprietary data center has employees that could screw you, a physical plant that can be compromised, reliance on links to the outside world that can be cut or hacked, management priorities that might not include you, and a whole raft of other risks that could embarrass you or even put you out of business, if not handled properly. Your arrangements with your corporate data center are in fact just a service agreement, little different in operation or risk WRT a large, reliable cloud services provider.

 

So that ship sailed 40 years ago. And there was no desperation involved in that decision -- except the desperation to find a more efficient way of deploying computing and extending its services to the widest possible customer base. Can't get something for nothing.



#39 Ssnake


Posted 08 September 2014 - 0153 AM

You quoted out of context, and maybe your definition of "mission critical" is broader than mine.

Even today, your own proprietary data center has employees that could screw you

All too true, yet you at least have a chance to filter out misfits in the employment interview, and to treat those that you do hire and to organize their jobs in a way that reduces the incentive to cause harm to your company. The bigger an organization becomes, the more difficult it is to maintain such a difference, of course. So it also depends on what type of a company / organization we're talking here.

 

a physical plant that can be compromised, reliance on links to the outside world that can be cut or hacked, management priorities that might not include you

I'm not debating any of this, yet the major difference is that you have full control over this when you do it yourself, and that you have to simply trust a cloud service provider's claims of adequacy. A cloud center is more robust when it comes to distributed attacks, especially of the denial type, and more flexible if you have a highly dynamic demand for computing power and/or storage space. Like I wrote, using it totally depends on the individual circumstances.

But there's one solution where you can review and amend security at any time, and there's another where verification is a lot more difficult (if not impossible), and changes in security are limited to what the service provider or one of his competitors (claims that he) offers.



#40 Tony Evans


Posted 08 September 2014 - 2036 PM

You quoted out of context, and maybe your definition of "mission critical" is broader than mine.

 
Not that far out of context. And what I consider mission critical is the same thing most people do -- provision of persistent data storage in a data-centric application environment.
 

All too true, yet you at least have a chance to filter out misfits in the employment interview, and to treat those that you do hire and to organize their jobs in a way that reduces the incentive to cause harm to your company. The bigger an organization becomes, the more difficult it is to maintain such a difference, of course. So it also depends on what type of a company / organization we're talking here.

 

What's with this "you", "you", "you" business? I thought I was making it pretty obvious that I was commenting from the position of the corporate client that is totally dependent on a remote company data center. That customer type -- a very common one -- has none of the control you're claiming, yet takes all of the same risks that any user of cloud services is likely to take.
 

I'm not debating any of this, yet the major difference is that you have full control over this when you do it yourself, and that you have to simply trust a cloud service provider's claims of adequacy. A cloud center is more robust when it comes to distributed attacks, especially of the denial type, and more flexible if you have a highly dynamic demand for computing power and/or storage space. Like I wrote, using it totally depends on the individual circumstances.
But there's one solution where you can review and amend security at any time, and there's another where verification is a lot more difficult (if not impossible), and changes in security are limited to what the service provider or one of his competitors (claims that he) offers.

 

See, you're totally focused on security. Security is just one aspect of the data storage and management problem. And most of the time it's not even the biggest one. Most of the time your problems are reliability, availability, and redundancy. If you're dependent on a small company data center or just a local server room, you may have reliability and availability, but your redundancy sucks. Even if you have totally mirrored mission-critical systems, if your physical plant is taken out -- and it could be, by something as small as the fire sprinklers going on by accident -- then you're out of business. Cloud data storage services look real good when those are your risks. The same goes for a corporate customer that can develop its own apps, but has to scratch and claw to get into a server farm in a data center three states over.

