As cloud computing services become more popular with consumers and corporations, it's time to sort hype from reality
A December survey by Cisco (CSCO) of more than 2,000 tech managers across 13 countries found that 52 percent are using—or plan to use—cloud computer services in the near future. (The percentages are even higher in emerging markets Brazil, India, and China.) Another report released in August by market researcher Gartner (IT) noted that nearly 40 percent of IT professionals worldwide are putting more money toward cloud computing than ever before. When so many people are talking about "The Cloud" with such passion, and backing that interest with investments, I begin to ask questions. This is what I discovered. The gap between the hype and the reality, particularly on the technical side, is immense. It may be better to think of these "clouds" as a collection of giant, sometimes flammable, gas-filled Hindenburg-like airships with fluffy pictures painted on their sides by clever marketing folks. Lest you think I'm an enemy of progress, I did discover there are some amazing and powerful new business models coming out of the clouds. If you're just starting a business or looking to focus on what you really do well, "pay-per-service" is a prudent and cost-effective way to manage your affairs. Further, it levels the playing field, democratizing the tools of business. Potential for Catastrophe
But over the last few months, I've spoken with many security analysts across a number of industries and they've expressed both excitement and a deep-seated dread. They are excited because agile security will need to be "built into the cloud," and worried because in private conversation, they don't talk about if a "Deepwater Horizon-like event" will happen in the cloud, but when. Why is there such certainty that a catastrophic event will occur? For starters, we're on a path to remove all resiliencies from our global business engine. Five years ago, if you took a random sampling you would have discovered that most companies had physical control over their mission-critical data and processes. It was usually in the form of "Bob in IT" with a team of computer geeks tending closets filled with servers. It wasn't perfect, but if one, ten, a hundred, or even a thousand companies lost their data, or installed a bad software patch, or fell prey to a malicious attack, the lifeblood of business everywhere would still flow. It would be an isolated incident, with little or no damage done to the greater economy. Today, many companies have put—or are beginning to put—their business-critical information into the hands of four or five companies that specialize in cloud services. These companies have placed all of their customer-specific data into a cloud run by one company, and other critical systems into another cloud run by a different company. The logic is simple: If one cloud fails, just move the information to another cloud. At most it will cause a few days of discomfort. The problem is that different clouds are far from compatible; the information that went into building one cannot easily flow to another—well, not without a considerable investment in rebuilding much of your system from scratch over weeks, months, or in some cases years. Centralized Market
Let's look at the big picture and be clear about the risks: We are migrating from a diverse way of dealing with business information to a centralized market with a few single points of potential catastrophic failure. If there is a hostile takeover of one of the handful of big cloud vendors, if a malicious attack succeeds in taking one or two of them down for any amount of time, if someone just makes one too many mistakes, if the shareholders of one of these firms decide it is not in their business interest to keep that service running, business information will not just magically flow from one cloud to another. Rather, the whole business world will face the storm of the century and commerce could literally grind to a halt. This isn't just a business problem. I hear family members say, "Oh, my stuff is in the cloud." I watch kids uploading pictures, stories, thoughts, and dreams, not into diaries and photo albums but directly "to the cloud." They've never stored their memories in some old shoebox in the basement. Now imagine waking up and losing every precious piece of information in your own life. If this sounds like a nightmare scenario and you're sure it could never happen, ask "Alice," an AOL (AOL) user who was informed (after the fact) that one of AOL's popular sites for creating personal Web pages, Hometown, had been turned off. This was her plea: "It is so sad that I have lost all my saved pages from my daughter. That's all I had left [of] all her memories. Now I have nothing at all. I lost my daughter 2 years ago, and I needed those pages. I beg you is there anyway I can get them back pleaseee." She never received a reply, and if you look now you'll find her message deleted as well. (AOL declined to comment.) Or ask the 40,000 Google (GOOG) Gmail users who recently found their mail missing and mailboxes gone thanks to a software update gone wrong. It was only a tiny percentage of users affected, but who would want to be in that minority? These anecdotes could easily be written off as the last rumblings of a passing storm before the sun shines on a brighter day. Those few sad little people caught in the transition are just anomalies. Feel bad for them for a moment to show your humanity, then look away. Resilient Design Needed
What I'm concerned about is the technical approach we've taken to implement cloud services, the issues nobody seems to be talking about or questioning. Most of the clouds that businesses use today are built not on the kinds of patterns found in nature (our greatest laboratory for scalability and resilience), but rather on a model called "client/server architecture" (hint, the clouds are the servers) designed in the 1950s, '60s, and '70s, when computers were expensive and memory was at a premium. Nature is the grand laboratory of resilient, ultra-large complex systems. While the Internet has just hit 2 billion users, our own body has many trillions of cells. However, unlike a PC, we don't lock up monthly, we keep working for upwards of 70 to 80 years. Nature has been here before. In nature, computing is cheap, memory is even cheaper, and something called "peer-to-peer," rather than "client/server," plays a much more significant role. If we learned from nature's design patterns, we could grow a much more resilient future—where information is massively replicated (think gene pool rather than hydrogen clouds) and mission-critical or personally precious information just can't be lost. This isn't a pipe dream. I've experienced such systems in action. They use a sort of "Digital DNA" approach to information and are built as flexible evolving ecosystems. It's "biomimicry" for computing. Just as chromosomes are standard, unique containers for all the DNA that makes us human, digital DNA uses standard, unique containers to hold all the "genes" of a new kind of collaboration system. And just as nature copies and replicates those genes in vast numbers throughout our world to gain resiliency, these systems do the same. The U.S. government's "Department of Mad Scientists" has fostered these new, radically distributed and resilient systems; the same group—called DARPA—whose last world-changing success was a little thing called the Internet. The potential is world-changing and promises innovations like we've never seen before. If only we can get past the noise and the madness of the clouds.