“The Network is the Computer” was the tagline used by Sun Microsystems for years. It captures the essence of what we take for granted today using our smart phones, wireless laptops and general World Wide Web usage.
Today, many customers are actively looking at hosted computing that has become ubiquitous with the word “cloud”. This “cloud” is a virtual pool of computing resources; servers, storage, network and applications. Many of these services have been around for 15 years such as Googles Gmail, Hotmail owned by Microsoft now moved to Outlook.com. Consumers would open a browser, login to send, receive and store emails. This was followed by retailers such as Amazon and ebay then social media such as MySpace, Facebook, Twitter and LinkedIn. Corporate customers cut their teeth with SalesForce.com as one of the early innovators of cloud services.
Now we have not just a plethora of web services from Dropbox, YouTube, Twitter to every major retailer having a web presence and countless more. Corporations though are looking at cloud providers: both major players, custom players and boutique players. The major players consist of offerings like Microsoft Azure, Amazon Web Services (AWS), Google Cloud, Oracle Cloud, IBM’s SoftLayer and VMware’s vCloud Air. Some of the custom cloud providers may have a mix of “CoLo” or Co-Location where customers place their own compute resources into someone else’s datacenter. They may retain their own administrative resources or use a managed service offering from that CoLo facility. Examples that come to mind are ATT, OVH, SuperNap, ScaleMatrix and TeraGo. Boutique clouds tend to be high touch, white glove and often specialize in specific services. Examples of Boutique cloud providers are SIS (www.thinksis.com) who I currently work for, Black Mesh and Global IT.
Regardless of what online services you use as a consumer or which corporate cloud provider they use, what are the threats to using these services? Clearly, one of the most insidious and ever increasing threats has been cyber terrorism. These threats, attacks, damage and thefts are ongoing. Some of the cyber terrorists are individuals and criminal syndicates; often from the former USSR countries and the Eastern Bloc countries. Other cyber terrorism is state sponsored meaning it is backed by the government of a country such as China, North Korea, Russia, Iran and others. Lastly, there are corporate terrorists. These are sometimes linked with state sponsored terrorists where the corporation is used as a front for their malicious activity.
Other threats to cloud users is the provider itself. They suffer outages due to infrastructure failures, failures outside of their control such as a construction crew putting in a new water line accidentally digs up a data line carrying network traffic out of the cloud providers. Most of the issues described by the latter issue are addressed as the better providers have redundant everything from Power, networking, cooling, facilities, etc.
The general concept for a cloud provider to make money is to deploy as inexpensive of infrastructure as they can, deploy as many customer workloads onto as few servers as possible driving up the system utilization just to the point of pain then dial it back 1 notch. This businesses model is at risk if they are not diversified or have other revenue streams as they only make money between the cost of goods provided and cost of goods sold. They are constantly trying to identify ways to reduce the cost of servers, disk drives, storage, adapters, network components as well as using lower cost resources to manage the operations desk or provide administration. Depending on the business, employee cost is at the top of expense cost. Finding resources with most of the needed skills for 25% less cost is probably good enough. The sum of these cost saving efforts can lead to a weakened environment due to increased operator error. Compatibility with software due to the use of white-box servers is less predictable leading to problems often not seen until specific features are needed. Reliability may be lessened with white box servers because they build the servers themselves such as Google does or obtain from a no-name provider who delivers a basic server consisting of cpu, memory and I/O with no bells and whistles that translates into lacking reliability & serviceability features. This may all be managed by resources that are junior, lacking professional certifications, experience and skills handling not just the day to day processes but also when there is a critical event. Do they do the proper triage, problem analysis and determination implementing a logical plan to resolution?
Of course, every provider is different and cloud providers are not the only ones at risk as many customers have computing operations far worse than most clouds. This may be why they are looking to cloud providers to improve their situation. In many, if not most cases, placing workloads often described as “Systems of Engagement” into the cloud makes sense while retaining “Systems of Record” at the customers premise. Cloud providers are especially vulnerable to cyber attacks because of the many holes coming into their facilities to support the customer diversity. Once inside the network an attacker will wait patiently to learn information about the environment to plan their next attack. With regard to the infrastructure, some shops invest in both architects and engineers to build, deploy and maintain their infrastructure. With discipline and skill they overcome the challenges that lesser providers struggle with; maintaining cash flow while keeping the lights on and payroll met.
We just have to look at the recent outages at AWS http://fortune.com/2015/09/20/amazon-cloud-snafu/ over the past week (Sept 26, 2015) to see how it can impact a business. we all have probably felt the impact of this whether it is our bank using internet banking, logging into a school computer down for maintenance or using a major internet service like NetFlix. How many customers like this will endure frequent outages before they decide to move back to an on-premise solution or at least a hybrid solution? With regard to cyber attacks, the list of companies attacked in 2015 would double the size of this blog to write them all out. How many of those will occur before businesses decide they cannot afford to not be in control of their network backbone, interview and hire their own people so they know the capabilities of the resources responsible for solution remaining safe and available.
I am not predicting a bubble but have to wonder why we wouldn’t expect one due to the security and availability threats.
Tell me what you think in the comments section.