This week’s focus was on Cloud Computing, a topic of dear interest to me. The first thing we were tasked to do was discuss which business models appear appropriate for the cloud. In order to do that, we need to look at the NIST (http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf) Definition of Cloud Computing, which notes the following essential characteristics:
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service
In effect, the Cloud Is a great technology platform for businesses that have started at zero, and would like to scale up without incurring the costs of purchasing hardware, or the significant capital investments of a data centre. Start-ups are a great candidate to use Cloud technology platforms. Another suitable business is traditional businesses that require a platform for proof-of-concepts (POCs). Large companies can try new technologies without any consequence on existing infrastructure, and can be shut down just as easily. Another business type suitable for the Cloud is organisations that need to do batch processing of information in a timely manner. Two examples of that is Metservice, who use AWS (http://www.stuff.co.nz/technology/digital-living/8741213/Amazon-ahead-in-the-cloud) to augment their on-shore weather forecasting simulations, as well as Qantas (http://www.itnews.com.au/news/qantascom-begins-transition-to-aws-402996) who use AWS to do flight and weather forecasting.
Next, we looked at two assigned readings, the first being How CloudFlare promises SSL security – without the key (http://arstechnica.com/information-technology/2014/09/in-depth-how-cloudflares-new-web-service-promises-security-without-the-key/). This article discusses how organisations want to use Cloud computing resources, which allow large organisations, like banks, absorb denial of service attacks. However, these entities want to use Cloud computing without handing over the keys to the kingdom so to speak, or in this particular case, the SSL Private Key used to decrypt communications. Therefore, CloudFlare have created a method that allows the Private Keys to remain stored on Customer’s Servers, rather than on the CloudFlare servers. This allows organisations to take advantage of the cloud, while still controlling their own security.
The second reading was on How can we protect our information in the era of cloud computing (http://www.cam.ac.uk/research/news/how-can-we-protect-our-information-in-the-era-of-cloud-computing). The article describes how information can be protected in the cloud by creating multiple copies in a decentralised manner, also known as peer-to-peer. The article goes on to quote Professor Jon Crowcroft saying “We haven’t seen massive take-up of decentralised networks yet, but perhaps that’s just premature”. I’d argue that we do see massive peer-to-peer networks, they’re just being used to distribute movies and other pirated material. As legal authorities moved to shutdown torrent trackers, these then evolved into Magnet Links (https://en.wikipedia.org/wiki/Magnet_URI_scheme) which no longer require a torrent tracker, but instead identify content based on a hash value.
The final task was to look at the pros and cons of New Zealand Government’s Cloud First strategy (https://www.ict.govt.nz/guidance-and-resources/information-management/requirements-for-cloud-computing). The pros below are listed from the previous link:
- Cloud computing solutions are scalable: agencies can purchase as much or as little resource as they need at any particular time. They pay for what they use.
- Agencies do not have to make large capital outlays on computing hardware, or pay for the upkeep of that hardware.
- Cloud computing provides economies of scale through all-of-government volume discounts. This is particularly beneficial for smaller ICT users.
- Agencies can easily access the latest versions of common software, which deliver improved and robust functionality, and eliminating significant costs associated with version upgrades.
- If agencies are able to access the same programmes, and up-to-date versions of those programmes, this will improve resiliency and reduce productivity losses caused when applications are incompatible across agencies.
The cons highlighted in the article is that using the Cloud isn’t a free pass to outsource risk, ultimately it’s the agency’s responsibility to use or not use the Cloud. This includes for example, ensuring that data above RESTRICTED isn’t in a public cloud.