Stay networked. Get informed. Broadcast your projects.
This is only a summary of some of the main points highlighted on Cloud Computing at the IGF 2010.
Main session - Emerging Issues – Cloud Computing
Workshop - Engendering confidence in the cloud - answering the questions of security and privacy
The IGF forum was a buzz on cloud computing as many came to hear not only about the benefits touted in the press, by the technology industry and service providers, but also about the downsides and the implications of its use. Sessions started with discussions on the definition of the term. Some tried to debunk popular definitions which simplify the term by liken it primarily to applications like Google Docs, Flickr and Facebook in favour of more technical definitions. According to Frank-Charles Osafo ‘With the cloud, the whole I.T. infrastructure is programmable. This is really what is different about cloud computing. It is a continuation of what we have had in the past, but with our Internet and other technologies we are able not only to programme software but to programme the whole infrastructure.’ Luis Magalhaes put forward ‘As an analogy, I could say that cloud computing in IT today as important as electricity was one century ago. We can just plug on utility and … be provided with services without having to have them run in your own enterprise.’ It was useful to get perspectives from the private sector, government, academia, the technical community and cloud computing providers some of whom represented Kenya, Ghana, India and China, on thought regarding the future of cloud computing.
There was a lot of emphasis on the cost savings that cloud computing can provide to small businesses. If they are able to use cloud services, they may not have to spend large sums of money on the infrastructure needed to store information. This would create fewer barriers to their entry in the national and global marketplace. However, it was also pointed out that if the cloud computing market was dominated by only a few providers there could be negative implications. Further, due to some countries lack of high speed broadband and consequent difficulty to utilise cloud computing services, its prevalence can also contribute to unfair disadvantage in the business world and a widening of the digital divide.
This issue drew further discussion as the importance of cloud computing for the development of mobile phone connectivity (which have limited storage capacity) was highlighted. If ‘mobile phone connectivity is the future, mobile cloud computing is vital. (This) stands for anywhere, anytime, secured data access, applications, and service access’. However, it was also put forward that just as we can usually take our own mobile phones with us when we move to another provider, we should also be able to take our data from one cloud to the next if necessary. Cloud computing is therefore important for the next billion broadband users.
The question of internet access was also raised, for if a large number of people cannot connect in the cloud, will companies really be able to build their company on cloud. The issue of connectivity is therefore important if companies are to migrate to the cloud.
On the other hand, sufficient regulation and legislation is also important as the privacy of data stored in the cloud must be protected. It was pointed out that at the moment there is not ‘adequate, effective and enforceable protection’ to engender confidence in the cloud. Cloud service providers have to be transparent and accountable for their services. There can be independent data security audits as well as self-regulation, and regulation from law enforcement. Lu Jianfeng, Vice President of the Chinese company 360.cn said that there is a need for user feedback on security and privacy protection solutions so any company found guilty of privacy violation would be exposed. The cloud computing customer should be able to vote by their feet.
On the social networking issue it was argued that consumers usually do not know if they are using a cloud system or if their information is being held on a secure server. This needs to be made more clear to them. Also highlighted was the need to protect users from unfair commercial practices such as a cloud service provider subsequently changing the terms and conditions of the contract, waiving their liability. Discussion also occured over the use of data for secondary purposes like advertisements or behavioral targeting without consent.
On the other hand as Kristina Irion argued if all our data is stored in the cloud, this means that law enforcement can have easier means to access this data. She emphasised the importance of ensuring that ‘data in the cloud is protected by the same safe guards against public and private interference as is data today on our desks or on our hard drive pointing out 'The existing real world framework ... does not necessarily reflect an online world and this is a major challenge'. As a result the issue of portability and interoperability is very important in any future steps taken to develop cloud computing.
Wilfred Gromen, General Manager and Regional Technology Officer for Central and Eastern Europe, Microsoft spoke about the need for strong deterrents against misuse of data, through enforcement of penalties. If this occurs there needs to be a legal framework, which pushes information sharing between the public and private sectors. Law enforcement will also need to collaborate to exchange information internationally. There needs to be some consistent rules governing access to and jurisdiction over user data which may be in conflict from nation to nation.
Robert Pepper, Vice President, Global Technology Policy at CISCO spoke about how cloud services or shared data centre services can actually help governments balance their needs and be more efficient by adding more quickly new capacity and computing power. Important questions were raised however about government’s use of cloud services. Should data be lost in the cloud can a government or individual go to a local court or international court for litigation? There should also be established and informed criteria for choosing a cloud computing provider. The lack of human capacity to assess the cloud service providers for security was also raised. It was argued that while traditionally IT has been responsible for security in many organisations it now not clear who is responsible.
The future of data centres was discussed. Pranesh Prakash argued that the establishment of standards can ensure interoperability and allow consumers to choose between different devices and providers to access the cloud and shift between one service and another. This would include moving information, data and meta data from one cloud to another. He pointed out ‘Clouds should be able to talk to one another. If we end up with disconnected, separate and national clouds, we will not realise the full benefit of cloud computing’. It was put forward that the cloud may eliminate many of the little data centres all over the world.
There was also some emphasis on cloud computing’s possibility for contributing to greener IT and sustainable development. Heather Creech sited one example as the use of zero carbon data centres. She spoke about the possible savings in moving a data centre to a remote location where natural cooling is possible and having carbon credits to finance this. This is a conversation that is only beginning, and there is a need to further examine the ways that ICT can address the issue of climate change. The discussion will hopefully progress and lead to action as more users come online.