© 2009-2018 by Zack Smith. All rights reserved.
IntroductionThe core premise of cloud computing is that it is a good idea for everyone to move their personal and business files and activities from their computer or tablet to faraway Internet servers, called the
cloud, accessing them typically through web-based user interfaces and apps.
In the most extreme form of cloud computing, once users' data are moved onto the company's servers, they are not supposed to return except to be cached. A major assumption of cloud computing is that users of cloud services will have access to the Internet 24/7, 365 days per year. That is wishful thinking.
Depending on how you define cloud computing, there are some benefits to it, and there are numerous hazards. From a computer security perspective it can seem a bad idea. From the perspective of ownership of data, it is usually a bad idea. From a practical perspective of whether access to servers is even possible, it can be a very bad idea. In this essay, I will explain the negative aspects of cloud computing, followed by some ideas as to how it could be done right.
What is cloud computing?
Ignoring the extent to which
the cloud is just a marketing gimmick, as depicted in the Dilbert cartoon above, cloud computing is really just a reinvention of
thin client computing -- an idea that failed with a thud some years ago. Not everything that fails at first (or repeatedly) will fail later however, as the iPad has proven with regard to tablet computing. This time around conditions are better for the idea to take hold.
Indeed some forms of cloud computing have taken firm hold already but in a bad way.
Back in the day (the 1990's) thin clients were supposed to be smart terminals that connected workers or customers to corporate servers where the actual data was intended to reside and where computing was done. There was an implied interaction that involved sending and receiving substantial data.
Clients that send and receive dataToday's equivalents of thin clients are numerous and are of several types:
- A web browser running on your PC or Mac.
- An app running on your PC or Mac e.g. a Dropbox type of program
- A web app running on your tablet or phone.
- An app running on your tablet or phone.
- Point-of-sale computers
- Google Glass
Clients that mainly receive dataThese are far less numerous than trasmit/receive.
- An app running on your TV set-top box e.g. Netflix
- e-Book readers
Clients that mainly transmit dataThese are becoming numerous but are less numerous than transmit/receive.
- An app running on your PC or Mac e.g. a cloud-backup program
- Live video streaming e.g. via phones.
- Sensors on your body
- Sensors that detect people entering a store
- Networked webcams and baby-cams
- Security cameras that transmit to
- Spying equipment e.g. license plate readers
- Sensors for environmental conditions e.g. iPhone-connected radiation sensors
- Sensors installed at manufacturing plants
- Smart power meters
One could argue there is also a fourth category, which limits both transmitting and receiving greatly. An electronic bar game might be an example.
What else is cloud computing?
Cloud computing has also been used to refer to scalable virtual servers, the use of which a company can rent for various purposes. These servers can provide a varying amount of web server capacity and database capacity, and may provide a variety of databases and scripting languages.
These are popular because many companies no longer want to maintain their own servers. This simplifies their lives but it also puts their customers' data in the hands of companies that may not take those customers' security so seriously, especially if spooks come calling, demanding data.
There are many examples of
elastic cloud services, the most prominent being Amazon Web Services (AWS).
What is innovative about it?The first innovation of cloud computing is that whereas thin client computing did not embrace a web interface because at the time browser functionality was too simplistic, cloud computing does. But it may do so to a fault, because web interfaces and servers can be insecure, and browsers are frequent targets of hacking attacks.
A second innovation is that cloud computing has been bolstered by the arrival of mobile apps, which it has also helped popularize. The popularity of these apps has resulted in an expectation among consumers that new products will be connected to cloud services, such as Twitter and Instagram.
A third innovation is that clients can be devices that mainly transmit, like networked baby cams, apps that upload short videos, and
smart power meters, as well as devices that mainly receive data.
On meritMany technologies have pitfalls and cloud computing is no different. It matters that cloud computing be done well and that its flaws are not hidden or ignored.
Server-based computing is not inherently useless. There is value and convenience in:
- Having your home directory NFS-mounted and located on a server somewhere.
- Connecting to a shared local printer over a network.
- Accessing your email via a mail server or even stored on a remote POP3 server.
- Streaming music from music service or a local MP3 server.
Criticisms of the cloudWhat's wrong with cloud computing? Afterwards I will ask what redeeming qualities this technology may have.
0. Scare tacticsOne form of cloud computing is online backup, which is often marketed as being about backing up your critical data, the unproven claim being that it's always at risk because a hard drive failure could occur . But the truth is that the risk to you of data loss, if you simply make backups, is very low.
1. False conveniencePutting your personal and business files on other people's servers has always been and always will be a fundamentally flawed idea, and one that is convenient but should be unnecessary. In a perfect world, it ought to be possible to keep one's files with oneself, or on a home-based server that one owns, or encrypted on a server that someone else owns.
2. Physical lack of accessIt's no revelation that most people are not connected to the Internet most of the time. In Silicon Valley they may be, and in big cities many people have mobile phone plans with lots of data, but that's not the case for a large percentage of the people. There are in fact some people who have little or no Internet connection.
3. Cost of Internet accessTo make full use of cloud technology, you need fast and unlimited Internet access, preferably access that is connected with you mobile phone plan so that you can use it on the go. If you live in a metropolitan area you can get reliable 4G access, but you'll pay a lot for it. At present it seems to cost about $60-$100 per month. This excessive cost creates a new division between haves and have-nots.
4. Cost of cloud services e.g. storageThe moment when you decide that your files must be located on remote servers, you become the huxters'
mark. They decide you're their sucker and hence their false claims of enormous convenience multiply while their relentless scare tactics about lost files move like a mud slide in your direction. If you decided you don't want to pay, then the legal fine print that you agreed to will make your personal data the property of cloud service providers.
5. Hacking attacks by outsidersWhen you put your data on someone else's server, you are at risk of having that data stolen by people who hack into those severs. You trust that the cloud service providers are competent, and that they care about the privacy of your data (which they probably own). If you did not take a deliberate step to encrypt your data before uploading it to the cloud, your trust is in vain.
The seriousness of the hacking risk was demonstrated in 2010 when hackers based in China broke into Google gmail accounts in search of emails about human rights activists in China. Wired article.
6. Data theft by insidersPutting personal or company files on cloud servers opens a pandora's box of possible corrupt practices, perpetrated by whoever owns the servers, and/or by whoever administers them, and/or by anyone else at the cloud company who has managed to get access. Unless your data is completely worthless, the best practice would be to avoid uploading it.
7. EspionageCorporate and government espionage are becoming a big problem. Technology makes spying and stealing data easy. Why, at this point in history, when snooping and hacking are fairly widespread, would anyone want to make things easier for crooks and spooks? Furthermore, who is to say that cloud service owners are not in the business of corporate espionage, or are not co-opted by government spying agencies?
Yahoo allegedly sells a year's worth of emails for just $60. (See details at Cryptome.org.)
In 2012, the US government argued that once you upload your data to anyone else's server, your private property rights to that data become severely limited. Electronic Frontier Foundation article.
8. Server outagesWhen servers go down, be it for hours or days, you don't have access to your property. How convenient is that? And when data loss occurs during an outage, you could find youself without your data forever. If your data had no real value, or only a little, data loss could be perfectly acceptable.
9. Diversion away from freedomJust when the free software movement has succeeded in liberating consumers by providing free applications for just about everything, including:
- office suites (OpenOffice)
- image editing (GIMP)
- photo editing (DarkTable)
- CD ripping (CDex, KAudioCreator)
- audio players (Winamp)
- video players (Mplayer)
- diagram-drawing (Dia)
- web browsers (Firefox)
And so on, the cloud people suddenly arrived to tell you to abandon all that useful software so that they can entangle
you with benign-sounding online
apps and streaming services.
10. Health impactCloud services require Internet access, preferably on the go. The problem is that the wireless signals tend to be around 2.4 GHz band, which is microwave radiation.
People who use microwave-transmitting devices close to their bodies have been shown to be at greater risk of cancers wherever on their body the device was located, according to experts. See Dangers of cell phone usage revealed in radiation level studies, Western Edition, 1 July 2013.
Handy analogyCloud computing is like jumping off of a cliff. There are probably 20 reasons why you should not jump off a cliff. Here are five:
- Risk of severe injury
- Risk of death
- Funeral costs
- Hospital costs
- Costs to society of calling in emergency services
There is a small number of good reasons why you should, including:
- There is water below and you are a skilled cliff diver.
- You are attached to a flying device.
The same is true of cloud computing. If you do it right, with the correct preparations, sane motivations and a focus on safety, you can survive and thrive.
However the risks when you put other people's data into the cloud are enormous, as the Equifax breach and similar hacks have shown.
How to make cloud computing safe?
1. Use a personal home cloud serverOne strategy could salvage the cloud computing paradigm: If the
cloudservers were replaced by a home server, or a company server. (It's a small type of cloud. Let's call it
Use case #1 for a home-based cloudlet server: You are out somewhere in the world with your phone, tablet or laptop and you want to work on your projects. So you connect to your home PC via VPN or HTTPS web interface and see your files. You connect on a port that is not the usual HTTPS port 443 as that is blocked by your ISP; your router forwards a different port. You run your web-based office app and work on your files remotely.
Use case #2 for a home-based cloudlet server: You are out somewhere in the world with your phone, tablet or laptop and you want to safely read your messages. So you connect to your home PC via VPN or HTTPS web interface and you see that some encrypted messages have arrived, delivered directly to your cloudlet server via another forwarded port; these emails never ever touched a corporate mail server.
The risk of a home server is that it could become a favorite target for break-and-enter network vandals, in the way that free-standing ATM cash machines are. It's sitting there 24/7, with a definite IP address and probable vulnerabilities. But the same could be said of your Wifi router.
2. Encrypt everything going to the cloudThis is the approach recommended by security professionals.