Posts Tagged ‘cloud computing’

In his important 2008 book, The Future of the Internet and How to Stop It, Jonathan Zittrain explains how the generative nature of the Internet – its openness to innovations from the edge – have made it both wildly successful and increasingly vulnerable. The same attributes which allow entrepreneurs to develop new applications on the Internet (e.g. lack of centralized control, non-discriminatory network management, and open standards) also allow criminals to spread malicious code. Professor Zittrain sees the rise of the relatively “tethered appliances” (e.g. iPhones, TiVos, and XBoxes) as the future of the Internet, promoted by companies and adopted by consumers because, when connected to the cloud, they seem to offer security, economies of scale or increased reliability.

But, what if those benefits of cloud computing are as ephemeral as the fluffy masses of water vapor from which they take their name? What if [over-stretched metaphor alert] those clouds are actually a storm front?

This month’s Technology Review has an excellent article discussing the security problems with cloud computing:

[Amazon Elastic Cloud Computing] brought to the masses something once confined mainly to corporate IT systems: engineering in which Oz-like programs called hypervisors create and control virtual processors, networks, and disk drives, many of which may operate on the same physical servers. Computer security researchers had previously shown that when two programs are running simultaneously on the same operating system, an attacker can steal data by using an eavesdropping program to analyze the way those programs share memory space. They posited that the same kinds of attacks might also work in clouds when different virtual machines run on the same server. In the immensity of a cloud setting, the possibility that a hacker could even find the intended prey on a specific server seemed remote. This year, however, three computer scientists at the University of California, San Diego, and one at MIT went ahead and did it. They hired some virtual machines to serve as targets and others to serve as attackers–and tried to get both groups hosted on the same servers at Amazon’s data centers. In the end, they succeeded in placing malicious virtual machines on the same servers as targets 40 percent of the time, all for a few dollars. While they didn’t actually steal data, the researchers said that such theft was theoretically possible. And they demonstrated how the very advantages of cloud computing–ease of access, affordability, centralization, and flexibility–could give rise to new kinds of insecurity.

Couple that with the high-profile Sidekick datapocolypse, the justifiable distress about the impermanence of data on the web, and a number of other events, and a picture of something different than above emerges. But will the general public recognize this and click there way towards a generative future? I’m not so sure. For one, as the article points out, there’s a lot of work being done to secure the cloud, so these initial signs of worry may be nothing more than the birth pangs of a new paradigm that will eventually become secure. As Zittrain points out, though, this would have some bad implications for civil liberties and innovation.

I think the answer, as ironic as it might be, could very well be proposed by the very company to whom cloud computing is said to propose the greatest threat – Microsoft. Ray Ozzie has long said the future is in a mix of cloud and local computing. As appealing as $0.00 for Google Docs is, both legacy and the inevitability of ne’erdowells turning their attention to compromising cloud computing means that the future of the Internet will be a complicated mix of computing paradigms.

In the meantime, though, we should recognize that the future obviously does involve a great deal of cloud computing, and as Professor Michael Nelson points out in his (pay-walled) Science article about Building an Open Cloud or the folks at Autonomo.us explain, the freedoms so hard-fought for during the PC era will need to be adapted to the networked era through both policy design and individual choices.

[Photo credit: CC-BY Licensed by kevindooley]