Data Security in Public Clouds

One of the (may be the only one) interesting questions raised during the cloud camp was about the data security in public clouds. And there were some people from pharmaceutical companies who are actively involved in evaluating clouds.

I raised them this question. "Other than human aspects, are there any problem/issues in moving their data in to cloud and doing computations within cloud to improve their throughput? Obviously assume your applications will perform and scale much better within clouds". The answer was "No". Shocking one for me too.

Company management feel sense of ownership and control when their data is around and they feel unsafe when its in somewhere else, irrespective of the security measures.
The arguments were first questioning the credibility of cloud providers. It can be a problem with a small provider, but with a company like Amazon, I don't see any issue. If people can leave all the passwords to access their accounts within GMail itself, then why is this a worry?
Also they were not sure about the security measures. I think computer scientists are using best security harder to break. Amazon at least uses X509 certificates.

What I argue is, if some one wants to hack in to company data then it is easier to hack in to that particular company than to hack amazon. May be due to economies of scale or may be due to protect the reputation cloud providers can employ the best methods. And thats part of their day job. Can a pharmaceutical company do better than them? I doubt it.

However hard your security measures are, it comes down to human errors to break the system. People are keeping their passwords in their emails. I've seen people emailing their private keys around. People can be bribed to do certain things. So will it be extra safe if you keep your data inside your company? If making the data in to S3 or any other cloud is the only problem you moving in to cloud, then you have to think serious and sensibly.

May be lawyers might not understand how good current computer security measures are, but I ultimately what matters is the growth of the company, beyond the myths.

Read more...

Berkley Talks About Cloud Computing : A Very Good Paper

(Warning : My opinions can be biased towards academic point-of-view and not to marketing)

Finally Berkley came forward to write basics about cloud computing with this technical paper.

Even though I don't agree with some of the points, berkley paper is very good. And it is very obvious that there are some people blaiming to this paper that academics doesn't know anything clouds. Those sorts of blaims are obvious from the people who just go behind the buzz words and create businesses around them.

Berkley paper, mentions cloud computing as utility computing + SaaS and also discards the similarity between clouds and grids. From academic point of view, some people, including the pioneers of grid argue that Grid and clouds are the same. Even during the recent eScience conference, there was huge debate on the difference between Grids and Clouds.
Theoretically Grids and Clouds may be similar, but the Grids that we see through Globus is much much worse and different than clouds. At least, clouds work !!

Berkley paper separates private clouds from Cloud computing, which I don't agree (May be because the lab is funded by the software giants in the industry). As academics, I think we should also look at few aspects of cloud computing, irrespective of whether they are public or private clouds.

1. What are the underlying technologies of clouds which are interesting to be used/investigated. How can we improve them?



I think this is exactly what Rich Wolsky is doing with Eucalyptus, which is good. If they are successful in doing Turing test for Eucalytpus and Amazon EC2, then computer scientists can look in Eucalyptus and study it to improve further.



2. How can we use clouds in scientific computing? Can we use clouds and grids interchangeably? What are the challenges and drawbacks of clouds?



This has already become a hot topic in eScience world with lots of papers coming out in conferences, investigating various aspects.



3. If we get a set of commodity computers, or a powerful cluster, why do we install a cloud environment vs grid environment vs a personal job manager?
   




This completely depends on the requirements and sub-part of this question will be to find out for what applications or environments clouds is good for. At least in IU, they use virtualized environments to host most of the academic service so that they can dynamically allocate resources to services as and when they need it. Even though virtualization is just one aspects of cloud computing, what else can improve these systems? Where else can we use virtualization?





I think this is one of the topics even the CTOs and CEOs of the companies should think about. Will I be successful in cloud? What applications are suitable of moving to clouds.

When I went to the recent Cloudcamp in Indianapolis, I was really disappointed on how people have gone crazy about this idea of cloud computing. A Set of people were trying to convince to the CEOs and CTOs that "Cloud Computing" is "The Technology". But both parties never knew or answered why they should move to cloud or what they should move to cloud.

In one of the discussions one was advocating to a CEO that he should move to cloud. The CTO was never asked what type of products or work they are doing. If they have products, will they be successful in Cloud?
It seems for most of the people cloud is a buzz word than anything else, which will die very soon. People create marketing hype around these things to get more business and money towards them and poor CEOs and CTOs get in to trouble.

I think marketing places a keyrole in making hype around certain things. So companies, researchers and individuals should be careful, before taking un-informed and blind decisions.

Read more...

Norway seems to understand the truth at the end

Previously I posted explaining why we have war in Sri Lanka.

One of the reasons for things to get this worse is that Norway is playing an unusual role. Once being the negotiators, they screwed up everything.

Then they gave arms, training and all the infrastructure to these terrorists. They also financed LTTE. Then they tried to draw attentions internationally making false statements.
At last now they are ready to accept the truth. With this news, they finally want LTTE to accept the defeat.

They urged the rebels to "discuss with the government of Sri Lanka the modalities for ending hostilities, including the laying down of arms, renunciation of violence, acceptance of the government of Sri Lanka's offer of amnesty; and participating as a political party in a process to achieve a just and lasting political solution".

Mahathma Gandhi once mentioned this.

"First they ignore you, then they laugh at you, then they fight you, then you win. "

Read more...