The cloud cannot ignore geopolitics
There are many reasons to consider "location" and "borders" in cloud computing. Unfortunately, how governments perceive those concepts versus how networks do can be at odds.
Cloud computing is an, not a technology: that critical fact underpins so many of the challenges and advantages that cloud computing models place upon distributed applications.
It is the reason that so many existing application architecture concepts work in the cloud, and it is the reason that so many developers are forced to address aspects of those architectures that they could skimp on or even ignore in the self-contained bubble of traditional IT.
One of the most fascinating aspects of cloud's architectural forcing function is the way it forces developers to acknowledge the difference between two often conflicting "realities" that applications must live in: that of the physical world we humans live in each day, and that of the computing world, consisting of electronics, wires, and its own set of rules, captured in software form.
These two "worlds" are similar in some ways, but are often at odds with one another. For example:
- Human beings are organized into societies, each of which has its own customs, protocols, and laws. These societies are often multifaceted--family, neighborhood, city, state, nation, and so on. Similarly, computing is organized into networks, each of which has its own applications, application systems, firewalls, and policies. These networks are also organized at many levels: layer 2 sub-nets, corporate networks, ISP networks, the Internet itself, and so on.
- Each world has its own types of boundaries. Many (but not all) of these societies use geographic boundaries to help define their structure. Many (but not all) of these networks use organizational "boundaries" and network paths to define their structure.
- Each world also defines distance differently. For humans, these distances are measured in the three-dimensional space we can all experience with our senses. For computing, distance is measured in a much more one- or two-dimensional way, via the "hops" that signals take along an electrical path between computers and networking equipment.
In the globalized world we live in today, the concepts of political borders and organizational boundaries (and, thus, network boundaries) rarely align. Furthermore, the "distance" between two points as the crow flies and the distance as the bits fly are also often at odds. All of this makes both enforcing human laws and maintaining data and code in the cloud extremely challenging today.
We would be fine if we could clearly separate the world of human society from the world of computer networking, but we can't. The reason why not is itself simple: data. Data (generally) describe things that are of interest to one or more human societies, so those societies have a vested interest in controlling or at least consuming that data.
The conflict between "meatspace" and the Internet is not new--nor is it limited to cloud computing. These problems exist in any globally distributed computing paradigm.
For example, in the Internet's early days, many advocates saw it as a way to overcome the power of geopolitical borders and governments, at least when it came to free speech and political organization. Since then, we've seen countless examples of governments trying to counter that capability and to reinforce their control over the people and organizations within their physical borders, even on a medium that does not intrinsically understand those borders.
The problem hits closer to home among developers and application owners who are attempting to leverage the advantages of cloud computing. Privacy law is a well-known example. How do developers operate applications in a world where data center location is supposed to be unimportant, yet governments will prosecute companies that let data cross "real world" borders in explicitly prohibited ways?
(Forrester Research published a really interesting map showing the relative strength of privacy law for much of the world. It is a striking example of what users of global cloud computing services are up against. I also wrote a post a couple of years ago that envisioned a world in which code would actively try to take advantage of the disparities in law in the course of executing its algorithms.)
How would an application operator deploy applications at a minimum "distance" from users in a network sense, without finding themselves passing data through a country that would jeopardize the safety of that data? Again, the path your data takes between two physical locations may not be the path you expected.
You are already seeing some examples of how governments and corporations are trying to mold the Internet and "the cloud" to fit into human geopolitical realities. Countries like China, Iran, Pakistan, and others have demonstrated their willingness to control the Internet transoms over their nations' borders, and to apply technology to controlling the "border traffic" at those crossing points.
Cloud providers are providing explicit service boundaries to meet geopolitical realities. Amazon.com's EC2 regions are a great example of this.
What's missing, however, is any form of formal infrastructure within the Internet/Intercloud itself to "automate" mapping the human world to the computer world. Is this even possible, I often wonder. Can we (or, more to the point, should we) try to "codify" the laws and regulations of the world into digital form, allowing computer networks and applications to self-regulate?
What would the political fallout of such a system be?
In cloud computing, "virtual" geography and "physical" geography are both extremely important, and it's up to humans to keep the two aligned. Because this is complex and prone to error, it may be one of the great business opportunities to come out of the disruption that cloud computing is wreaking on IT practices.