CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Ten observations about cloud computing

We're starting to get some consensus and understanding about a number of aspects of cloud computing. Here's where things stand.

I started following and writing about topics like Amazon Web Services and mashups even before they were corralled under the "cloud computing" moniker. But today, cloud computing is one of the hottest topics in IT.

Much of what I write about the cloud drills down on particular aspects or is a reaction to some vendor's announcement. Here I'm going to take a different approach and take a broader look at where things stand today and some of the challenges ahead.

1. Let's get one thing out of the way first. Cloud computing is real. Yes, there's a lot of hype and a lot of "cloud-washing" (applying the cloud term to only peripherally-related things). But cloud computing legitimately refers to a convergence of technologies and trends that are starting to make IT infrastructures and applications more dynamic, more modular, and more network-centric.

2. The industry has reached a rough consensus on a basic taxonomy for public clouds. We have infrastructure as a service (e.g. Amazon Web Services), platform as a service (Microsoft's Azure), and software as a service ( People may quibble about some of the details and about how to characterize standalone Web services and such but IaaS, PaaS, and SaaS have developed into a convenient shorthand for describing the basic levels of abstraction for network-based computing.

3. Private clouds exist and will continue to exist. I'm not a huge fan of the term, but many enterprises simultaneously want to take advantage of the technologies and approaches associated with public clouds while continuing to operate their own IT infrastructure (or, at least, to maintain dedicated hardware at a third-party provider). Some of this is doubtless "server hugging" and some is giving IT-as-usual a trendy new name. However, there are lots of reasons why enterprises can't just move to a multi-tenant public cloud provider and it's not even clear that it makes economic sense for many to do so.

4. Security and compliance are high on the list of those reasons. I often see such concerns essentially trivialized as a matter of attaining a comfort level or a level of knowledge--sort of an enterprise version of consumer worries about the safety of online banking. However, as I noted after CloudCamp Boston, we're now getting into very real and very thorny questions such as how right-to-audit clauses can be satisfied in a cloud computing environment.

5. Closely related are legal matters. I hear a lot of generalized concern that the requirements for law enforcement to obtain data from a service provider may well be, at least in practice, lower than those needed to obtain a warrant for a company's own servers. Furthermore, we've already seen a case where the FBI confiscated servers from a hosting provider above and beyond those related to the specific company under investigation. Borders, especially national ones, also carry--not always well understood--legal implications.

6. There is no "Big Switch." Nick Carr's The Big Switch argued that computing is on a similar trajectory to what we saw with electrical power generation and distribution. If so, that would make cloud computing a fundamentally disruptive economic model rather than a mostly gradual shift toward software being delivered as a service and IT being incrementally outsourced to larger IT organizations. However, so far, there is scant evidence that, once you reach the size of industrialized data center operations (call it a couple of data centers to take care of redundancy), the operational economics associated with an order of magnitude greater scale are compelling. Specialization, such as to meet industry-specific compliance and regulatory requirements, will also tend to mitigate cloud computing concentration.

7. Data portability is a must. Interoperability less so. Although data portability isn't a panacea--even if you can extract your information in a documented format that doesn't mean you can transparently make use of it somewhere else--it's a base-level requirement. Interoperability is trickier. We're seeing some standardization activity at the IaaS level through a combination of de facto standards, consortia, and third-party brokers that translate among services. However, as we move further up the software stack, there are significant trade-offs between standardization and useful differentiation.

8. Cloud computing and virtualization intersect in interesting ways, but they're not the same thing. The flexibility and mobility provided by server virtualization is a great match for cloud platforms in general. And certain types of cloud computing largely define themselves in terms of the virtual machine containers that virtualization creates. However, companies such as Google have demonstrated that large-scale distributed infrastructures don't require server virtualization; they architect their infrastructures using other techniques and provide higher-level abstractions and services to users.

9. Location-based applications will reach their potential through cloud computing. People have been talking about the potential of apps that understand place almost since cell phones went mainstream. However, it's the intersection of more precise sensors on the client (GPS augmenting cell signal triangulation) and easily-consumable cloud-based applications that can mash up that data with geographical databases and the data from other users of a service that are moving apps about "place" into the mainstream.

10. The cloud will change the client. There often seems to be an implicit assumption that, over time, computing moves into the cloud and mobile devices become interchangeable display and input devices. The reality is more complicated. Copies of our devices' "state," whether data or personal customizations, will indeed migrate into the network. However, both user experience and the reality of sometimes-connected networks suggest that there's a lot of reason to push many computing tasks and working data sets out to the client device. The client will change but it won't become just a portable version of a "dumb tube."