Tuesday, August 17, 2010

Reminiscing


A little more than 2 years ago I put down on paper rudimentary thoughts (and borrowed some good ones of course) about the risks of cloud computing. Since then there has been no stopping the cloud tsunami. I recently got introduced to Apple's iDisk. A near perfect utility: an innocent-looking icon on the desktop where you can move all your beloved stuff to the "cloud".

Where the photos and documents will go, no one knows.

Here are some of those risk-related properties of cloud computing that were swirling in my mind not so long ago:

  • Trust and lack thereof: How (or why) do you trust a cloud provider to do the right thing? The root of the matter is putting a believable trade-off in place between the risks and one's alternatives. No surprise here.
  • Ease of Reach: Anything (data, machines, applications) that will be neatly placed "out there, somewhere" will be at an elevated risk of abuse by some disgruntled employee, hacker or [insert favorite bad nation here]. The network is the hack. Like black magic, an invisible hand will reach over the ether to tinker with, break into and cause mischief.
  • Dispersed Data: Personal, private, pseudo-classified and classified data ... all sitting side-by-side. It just sounds and feels so unnerving... no matter what precautions or promises are made by the trusted provider. Of course there is an answer: isolation. On the spectrum of shared everything or shared nothing, you will have to pick your position.
  • Virtual Time: A Google, salesforce.com or any cloud provider will take advantage of a secret sauce called virtualization. Long story short: virtual machines and storage live in a world of virtual time (and space). Without proper accounting, the space-time continuum can get out of order. Realistically, an anti-virus scan can get tripped up.
  • Mobility: Those virtual servers (which are essentially files) will be placed and then moved around the network whether for maintenance, resiliency or due to randomness. The files will take with them whatever -- data, malicious ware, outdated policies. 
  • Fate Sharing: A multi-tenant application or infrastructure that is hit by a catastrophic attack will affect all customers. Unlikely event. But those are famous last words.
  • Old Foundations: The internet was not designed for a hostile setting. It is anonymous. It is about speed. There are no safeguards for privacy. It is about openness. All at odds with locks, keys and body guards.
  • Emergent Properties: My favourite one of all. The "I don't know what's about to hit me, 'cause this is all so new". Have a house? Add a window. You have added change. Change = vulnerability. Have a cloud? Who knows what's going to be exploited...