He get's this right

Story: Resist the Temptations of the Cloud!Total Replies: 28
Author Content
caitlyn

Jul 20, 2011
1:41 PM EDT
Some folks know I often disagree with RMS but when it comes to so-called Cloud Computing he gets it 100% right. I expect the general public and most IT decision makers to ignore him with the usual nasty consequences.
lcafiero

Jul 20, 2011
2:38 PM EDT
True enough, caitlyn. What I find funny was that both RMS and Larry Ellison were agreeing on Cloud Computing several months ago -- one definite sign that the Apocalypse is near :-)
flufferbeer

Jul 20, 2011
6:48 PM EDT
I find it highly ironic that there is another related post in today's Newswire, this one about online (read:Cloud) file storage options. The post lists five cloud storage options besides Dropbox; they are ownCloud, ADrive, AeroFS, Syncany, and Jungle Disk. I guess there is a keen demand for STORAGE SERVICES in particular within the Cloud.

2c

Steven_Rosenber

Jul 20, 2011
7:45 PM EDT
Storage in the cloud with local applications is a good compromise between app+data in the cloud (Google Docs), app+data locally (traditional PC). For me anyway.
jdixon

Jul 20, 2011
7:51 PM EDT
> Storage in the cloud with local applications is a good compromise between app+data in the cloud

For anyone who's concern with the security of their data, that's exactly backwards. You don't really care if someone knows what apps you run, but you do care if they can get to your data.
Fettoosh

Jul 20, 2011
8:13 PM EDT
Quoting:Storage in the cloud with local applications is a good compromise between app+data in the cloud


When data security is a concern, apps+data should both be local. There are no compromises in security. How would anyone know if a remotely run app is not compromised and secretly made to write/copy the data on a remote storage?



Steven_Rosenber

Jul 20, 2011
8:29 PM EDT
Quoting:For anyone who's concern with the security of their data, that's exactly backwards. You don't really care if someone knows what apps you run, but you do care if they can get to your data.


I only work on things in "the cloud" that I don't mind the world seeing. Anything else stays on the local drive and is backed up locally as well.
fewt

Jul 20, 2011
9:23 PM EDT
Quoting:When data security is a concern, apps+data should both be local. There are no compromises in security. How would anyone know if a remotely run app is not compromised and secretly made to write/copy the data on a remote storage?


Why? They can also be compromised locally if you don't take proper precautions. How would anyone know if a remote app were compromised? The same way they would know if it were a local app.

Host based IDS, Network based IDS, network profiling, URL pattern monitoring, among other methods.

All can be done in the cloud. The real challenges come in the form of data protection at rest and in transit which you can do, but it's still not seamless (or even easy).

RedHat is working on a cloud technology called OpenShift that seamlessly integrates with several cloud providers to build on demand services.

I'm personally still not sold on cloud technologies, but it is here, and it is being used heavily.
fewt

Jul 20, 2011
9:40 PM EDT
@caitlyn - I agree in the context of existing cloud services, RMS makes a really good point.

However, in the context of using the cloud for hosted infrastructure as a service, I don't agree with him completely.

He is (kind of) blaming technology for a technology governance issue. The solution isn't to move data out of the "cloud", it is to place the proper controls related to use of that data around the data, and then to enforce them.

Lots of entities do it today, like VISA for example (PCIDSS).
Fettoosh

Jul 20, 2011
10:48 PM EDT
Quoting: They can also be compromised locally if you don't take proper precautions


True and it is a given which no body should question it. The difference between local and remote is what the user can or can't get control of. Locally, a user or organizations have total ownership and control over their infrastructure. Remote cloud infrastructure is owned and controlled by another entity and the privileges or permissions users have is what is agreed to in contracts. Good luck with that.

cabreh

Jul 21, 2011
2:44 AM EDT
@fewt

The comparison of security between remote apps and local ones breaks down if the entity doing the compromising is the remote service provider. Something they can do on "their" system, but not on mine.

fewt

Jul 21, 2011
6:48 AM EDT
@cabreh - Good point, but what about the rumors of hardware being compromised that have been floating around lately? That takes control out of your hands within your own farm.

Nothing is safe anywhere, but you are right it would be something an external provider would be able to do.
jdixon

Jul 21, 2011
8:34 AM EDT
> I only work on things in "the cloud" that I don't mind the world seeing.

Wise beyond your years, Steven.

> They can also be compromised locally if you don't take proper precautions.

Yes, if. How do you know what precautions the cloud provider has taken?

And even if they claim to properly secure your apps and data, what if they fail? All you have is a piece of paper. Do you really have to resources to fight a court case if they don't uphold their end of the deal?

People seem to think contracts have some magical property which always guarantees compliance. They don't. And when one side doesn't hold up their end of the agreement, enforcing it can get very messy and very expensive very quickly. Just ask the former Sun execs how well that java contract with Microsoft worked. And Sun had the resources to take it to court and win. Most people (including most small companies) don't.
fewt

Jul 21, 2011
8:46 AM EDT
@jdixon - You seem to be making a lot of assumptions. When you work in the cloud, you remain responsible and accountable for the data you host there.
Fettoosh

Jul 21, 2011
9:33 AM EDT
Quoting:When you work in the cloud, you remain responsible and accountable for the data you host there.


So why do I need the cloud then for?

fewt

Jul 21, 2011
9:41 AM EDT
@Fettoosh I didn't say that you did. Either way though, you are responsible and accountable for any data you host no matter where you choose to host it.
penguinist

Jul 21, 2011
9:56 AM EDT
Gentle people, what is comes down to is this:

You can put your data on your own server, or you can put your data on someone else's server. In either case you are "responsible and accountable" for your data, but only in one case do you have control of your data.

I think that what most people here are trying to express is that "responsibility and accountability" without control leaves many uncomfortable. If you have control then you must trust only yourself to insure and verify the security of your data. If you do not have control then you must hope that your provider earns your trust.
Fettoosh

Jul 21, 2011
10:18 AM EDT
Quoting: I didn't say that you did.


That doesn't answer my question, let me rephrase.

If I were to use a cloud service and I am still responsible and accountable for my data, which means I still have to have the staff to manage, secure and maintain the data, what are the benefits of using a cloud service then? Is it just sharing hardware? That is no benefit since I can do that in house for a lot less cost (hardware is cheap) and and without any constrains.

In my opinion, cloud is not beneficial unless it is done in house and only where it is practical and makes sense.

dinotrac

Jul 21, 2011
10:18 AM EDT
@penguinist --

Yup.

Years ago, I worked for EDS in the Ross Perot days.

People outsourced their work to us in a way that would be a philosophical kin to today's cloud. We handled the technical heavy lifting, set up the systems, ran them, and even had our own cloud metaphor -- the fuzzy blob. My data center had a control room that was modeled after mission control in Houston, and our techies wore suits just like the, umm, suits, both of which made a nice impression on the potential clients who would come by for tours of the place.

We also had clear SLAs with significant penalties if we screwed up. Agreements were negotiated between people who knew what the heck they were doing -- including the technical side of things, and we had hefty incentives to do our jobs right. Lots of money involved, and lots of money to be made.

I'm sure the same things can be said for some users of the cloud, but there seems to be little emphasis on putting your cloud provider's back against the wall and making sure they have strong incentives to protect your business.
fewt

Jul 21, 2011
10:25 AM EDT
Quoting:If I were to use a cloud service and I am still responsible and accountable for my data, which means I still have to have the staff to manage, secure and maintain the data,


Yes, and the same is true for internally hosted data.

Quoting:what are the benefits of using a cloud service then?


Cost, hosting in the cloud is cheaper than maintaining a datacenter. You gain the same capability (with caveats) without having to worry about leasing, power, cooling, hardware, etc.

Quoting:Is it just sharing hardware?


Cost savings, and scalability.

Quoting: That is no benefit since I can do that in house for a lot less cost (hardware is cheap) and and without any constrains.


What about power, cooling, leasing, fire protection, monitoring, and all of the other associated costs? If you are thinking only in terms of hardware you are failing to see the bigger picture.

Quoting:In my opinion, cloud is not beneficial unless it is done in house and only where it is practical and makes sense.


The cloud makes sense in some cases, and not in others. Really, it depends on the requirements of the application being hosted, and the level of protection of data required.
Fettoosh

Jul 21, 2011
10:51 AM EDT
In corporate world and to some extent in personal, data value and security prompts other costs.

If I mentioned hardware only, that doesn't mean I ignore other tangible expenses. I assumed you know better and didn't need the details. I guess I was wrong.

Any how, adopting the cloud concept is tricky business and each individual entity should have a business plan before making the jump. The cost of IT centers also depends on many factors that are different for each organization.



fewt

Jul 21, 2011
11:44 AM EDT
Quoting:If I mentioned hardware only, that doesn't mean I ignore other tangible expenses.


@fettoosh but what you said was:

Quoting:That is no benefit since I can do that in house for a lot less cost (hardware is cheap) and and without any constrains.


This means that you didn't even consider any of the other expenses. Why do you keep back peddling, and implying you said things that you didn't? You did that yesterday too in the other thread.

Quoting:I assumed you know better and didn't need the details. I guess I was wrong.


Knew better than what? You assumed that I knew that you were considering the additional costs that you didn't mention or imply? That would have been a silly assumption on your part.

Quoting:Any how, adopting the cloud concept is tricky business and each individual entity should have a business plan before making the jump.


That's what I implied when I said "The cloud makes sense in some cases, and not in others. Really, it depends on the requirements of the application being hosted, and the level of protection of data required.".

Quoting:The cost of IT centers also depends on many factors that are different for each organization.


The costs can change depending on the type of data center considered, yes. Tier 4 is more expensive than Tier 1.

All of them have some common costs, like power, cooling, walls, and a roof for example. It isn't really that much different for each organization when you drill down to the base requirements. The cloud is just another data center, only completely virtual.
jdixon

Jul 21, 2011
12:17 PM EDT
> I'm sure the same things can be said for some users of the cloud, but there seems to be little emphasis on putting your cloud provider's back against the wall and making sure they have strong incentives to protect your business.

Exactly.

> Really, it depends on the requirements of the application being hosted, and the level of protection of data required.

Again, absolutely true.

But the cloud is being sold as a universal solution, which it isn't. There are trade-offs involved, and those need to be considered carefully. Some of which are: Data backup and provisions, data security, application suitability, application security, the legal liabilities of both parties (many companies will hand your data over to the police upon request, without a warrant. Even for those who won't, the legal requirements for gaining access to the data are generally less than they are for data on your premises), availability of the service and the guarantees/penalties of such, and (finally) the legal costs of enforcing the contract in case of a dispute.

If you want easy access to and easy sharing of your vacation pictures from last summer, the cloud may be suitable (just make sure none of them are pictures of your 4 year old daughter taking a bath, or you may be up on child pornography charges). Your IRS tax return information is more problematic. Essential business information is even more so. Data such as customer medical or financial information should probably never even be considered.

Look. I do IT work in desktop support. I take care of the day to day things like installing computers, installing network equipment, installing software, troubleshooting hardware, software, and network problems, replacing toner cartridges, unjamming printers, etc. I'm not management or legal. Yet even I can see the limitations and problems inherent in cloud hosting. It's not the panacea it's being marketed as.
alc

Jul 21, 2011
4:17 PM EDT
An interesting read at http://www.zdnet.com/blog/hardware/why-you-shouldnt-trust-go...
JaseP

Jul 21, 2011
11:08 PM EDT
JDixon's got a point, but I think that "cloud" for business solutions will more likely evolve into co-located services hosted by the contractor at the client's location, with back-up services at the contractor's location... And you'd still have local printer and network issues, etc, that require on-site support. The Siemens guys who service my work location deal with largely hardware, while the help desk deals with remote issues... So that'd be largely the same.
Fettoosh

Jul 22, 2011
1:12 PM EDT
Quoting:That would have been a silly assumption on your part.


Yes, I grossly over estimated your knowledge of IT operations and intelligence.

fewt

Jul 22, 2011
1:33 PM EDT
Quoting:Yes, I grossly over estimated your knowledge of IT operations and intelligence.


Says the anonymous coward that has yet to make a single intelligent argument. It is obvious that you are too stupid to be a troll, and too ignorant to admit fault so I'll just get off the ride here.

I'm sure your next response will be how you've run me off, but unfortunately for you, that will just be another indicator of your sizable mental deficiency.
Fettoosh

Jul 22, 2011
3:49 PM EDT
Quoting:Says the anonymous coward that has yet to make a single intelligent argument. It is obvious that you are too stupid to be a troll, and too ignorant to admit fault so I'll just get off the ride here


Right back at you and good riddance.

Fettoosh

Jul 22, 2011
11:07 PM EDT
Quoting:Tech Comics: Let Cloud Computing Make Your Life Easier

http://www.datamation.com/news/tech-comics-let-cloud-computi...



This sums it all up

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!