a central point for collection of information as it relates to cloud computing in the government
Another Definition of "the cloud"
September 23, 2009 at 2:17 pm #81274
leans toward definition as understood from a legal perspective...
Blog Entry from infoseccompliance.com
Posted on August 18th, 2009 by David Navetta
What is Cloud Computing?
How about a picture to start off:
The National Institute of Standards and Technology (NIST) has provided a definition of cloud computing that is helpful, but not really in plain English. Moreover, it does not really help to illuminate the legal aspects of cloud computing. So here is my attempt.
From a user’s perspective, when utilizing cloud computing, rather than data processing and storage occurring on an individual’s laptop or desktop computer (or a company’s internal network), it happens on computing platforms run by third parties (such as Google, Yahoo, Amazon, etc). Services that may be available through those cloud platforms include data storage (e.g., infrastructure as a service (IaaS)), application development/deployment (platform as a service (PaaS) and software hosting (e.g., software as a service (SaaS)). So rather than store data on an organization’s own computer network, if purchasing IaaS, the data is stored on servers “in the cloud” and available on demand by the organization. Rather than installing and maintaining data/software on a network or desktop computer, the data/application is hosted on computers in the cloud and available on demand.
This can result in cost savings because companies using cloud services need not purchase their own infrastructure or software, need not hire people to maintain it, and need not regularly upgrade when necessary. In addition, cloud computing is highly and cheaply scalable. So rather than maintaining an over-capacity of computing power (e.g. extra servers only used for the holiday e-commerce rush) companies can maintain variable capacity levels to suit their immediate needs using the cloud. Moreover, utilizing the cloud will allow companies to take advantage of the best and latest technology since they will not have to disassemble and rebuild their entire IT infrastructure in order to upgrade. For more information on some of the technical aspects of cloud computing, please check out this white paper put out by Sun Microsystems.
That is all nice, and fairly understandable, but what IS the cloud? Right. Some analogies are in order. Think of airlines and how they sell seats. Sometimes seats are still available for a flight as the departure date gets closer and closer. From the airline’s point of view it is better to sell those seats for a lower price then to let the plane take off with empty seats. As long as can sell the seat for a price that exceeds the cost of taking a passenger. Bring this same rationale to the e-commerce context. Amazon.com has huge server farms that can handle millions of transactions. During the 3 month holiday period its servers and processing abilities may be taxed to their limits because of high online sales volumes. Then of course, February rolls around and all those servers that hummed during the holiday season suddenly lay dormant. Yet Amazon still needs to maintain them so it can be ready for the next holiday rush. What to do? Rather than let that processing capacity go unused, why not sell it to third parties? Allow an application service provider to host its application on Amazon’s computers for a price. Allow an organization to store and process data on Amazon’s servers. In fact, since any additional funds received (above maintenance costs) are “gravy” perhaps Amazon could charge a lower price than other companies that provide capacity. This rationale can serve as a building block for companies to get into cloud computing.
The second rationale/building block is economies of scale. Going beyond the Amazon rationale of attempting to sell excess capacity that it had to have anyway, savvy IT companies began to realize that they could sell processing capacity as a business. In fact, computing processing prices have continued to drop more or less as predicted by Gordon Bell’s corollary to Moore’s Law. Beyond that, companies like Google have begun to realize that if they build massive server farms they can bring down their per unit of price for processing power even further. Moreover, with highly evolved technologies they realized they could create additional processing efficiencies and bring down the per unit price of processing even further. Based on these economies of scale, cloud platforms realized they could provide processing capabilities much cheaper than companies that did it all “in house.”
Terrific, so how is this any different than a typical outsourcing relationship? Why is this a Cloud? One of the key differences between a traditional outsourcing relationship and cloud computing is where the data resides or is processed. For example, in the traditional outsourcing situation, a company looking to offload some of its data storage would create a dedicated data center and then sell the storage capacity to its clients. The data center might be in another country, but for the most part the client knew where its data was going and where it would be stored and processed.
Enter the cloud. In a cloud environment, geography can lose all meaning. Cloud platforms may not be able to tell “where” data is at any given point in time. Data may be dispersed across and stored in multiple data centers all over the world. In fact, use of a cloud platform can result in multiple copies of data being stored in different locations. This is true even for a “private cloud” that is essentially run by a single entity. What this also means is that data in the cloud is often transferred across multiple borders, which (as discussed below) can have significant legal implications.
It gets more complicated when you begin talking about the “public cloud” or “hybrid cloud” and interactions between cloud providers. In some public cloud set ups, the players in the cloud are essentially trading processing and storage capacity. So if Google has excess capacity at a given point and time, and Amazon or Amazon’s clients need more capacity than Amazon can provide, it can buy some capacity from Google. Some refer to this as “surge computing.” The analogy here is electricity companies and providers. In warmer climates during peak electricity demand times, the local power company may not be able to generate enough electricity to meet increased demand, and will have to purchase it from other companies who are not at full capacity. Under the cloud arrangement, data is like electricity, essentially fungible and able to be moved instantaneously to available servers and computation resources. In fact, cloud computing providers will begin charging for the cloud the same way electricity is charged: based on units of use (in this case computing cycles). So in the cloud, while the data may have started out on an Amazon server in the European Union, when handed off to Google it may be processed in the United States, China or some other country where Google has servers (in fact countries like China and India are very keen to get into this business since they think they can provide these services for even cheaper). Moreover, the parts of the data may be copied and sent for processing to other participants in the cloud. To the Amazon user all of this movement of data and processing across multiple borders involving multiple entities and even multiple copies of data is invisible. The Amazon user simply gets back the answer it expected when it began the processing transaction.
You must be logged in to reply to this topic.