Perceptions and Realities of Cloud Security
A new survey suggests that access policies could use a little work.
Technical glitches plagued the popular Amazon Elastic Cloud Compute (EC2) service, starting from early Thursday morning and stretching into the Easter weekend. To be clear, the problem appears to be limited to Amazon's data center located in Northern Virginia; customers who host elsewhere or who make use of Amazon Web Services' redundant cloud architecture were not affected.
The distinction of this being a relatively localized problem is cutting no ice with customers who find their businesses affected, however. According to a New York Times report, smaller businesses and startups have been knocked offline. Network World reports that these same customers were left "very angry" and wanting to host a server in their own shop. What proved to be disconcerting to observers is the length of the outage-Amazon's entering into its fourth day of disruption at the time of this writing. As you would expect, the company has been accused of being cryptic about the cause of the outage and in failing to supply a definite time frame as to when its data center will be back in the green.
VentureBeat observed that the downtime was surprising, given the amount of backup computing infrastructure that Amazon has. The publication aptly summed up the consternation of the IT industry and cloud competitors alike with the following rhetorical statement:
If Amazon can't safeguard the cloud, how can we rely upon it so?
The truth is that setting up a data center is complex stuff; putting together a robust, flexible computing cloud sold to thousands of users is even more challenging. ITworld to a certain extent nailed the issue on the head when it argued that the Amazon crash has shown "cloud computing" for what it really is-a computing paradigm based on ordinary data centers.
There is no doubt at all in my mind that Amazon has pioneered and built an extraordinary and extremely scalable platform in place of the once-static data center. If the recently open-sourced details of Facebook's data centers and what we know of Google's own data centers are any indication, Amazon has constructed an entire ecosystem of powerful computers linked with high-speed data conduits and supported by vast, highly redundant storage arrays.
Custom motherboards will also be running the company's own customized operating system that allows Amazon to deliver the multiple services offered by its cloud, resource allocation and tracking, as well as billing. Finally, Amazon has topped it off with an array of APIs to support third-party development, and an automated payment gateway that offers seamless transition from payment to allocation of computing instances.
What I am trying to say is that setting up cloud computing is no simple affair, and entails a level of expertise a magnitude higher than that of operating a data center alone. While the multiple layers of technology keep everything humming along on a day-to-day basis, the same complexity also makes identification and rectification of a problem doubly daunting when a catastrophic failure takes place.
On this note, businesses must not be buoyed by a false sense of security offered by high availability numbers, and are well-advised to build contingencies even for cloud-based systems. The advantages and scalability afforded by the cloud are real, and indeed make it possible for SMBs especially to incorporate its infinitely scalable capacity into their computing pool.
Ultimately, though, businesses must realize that there are no perfect systems, and each solution must be weighed according to its relative advantages and disadvantages.