Filed under: Uncategorized
It’s been a while since I’ve posted, but not too much has changed in the overall IT landscape. Cloud computing has become such a buzzword that it’s hard to know what it is anymore, and I still have deep reservations about the whole model with respect to privacy, security, and flexibility down the road.
In any case, iPhone 2.0 software and its 3G hardware counterpart have been released. Apple’s AppStore seems to be well executed, but they’re getting some very strong pushback on how controlled and arbitrary the approval process is for apps. It still doesn’t have cut/copy/paste, and I still don’t think the typing is great even if it’s good enough.
Google Android has officially entered the scene with the G1 handset. I don’t like T-Mobile so I probably won’t run one until its released on different hardware and carriers, but it’s a very interesting platform and one that has much more depth than the iPhone. Here’s a great article about where Google might be going with it. It’s a lot like Microsoft’s WinCE strategy, but in theory more open. Microsoft has shown openness in supporting a large ecosystem of hardware manufacturers and across carriers, and time will tell if Google takes it one step further by opening the underlying mobile platform on top of it. They have the first part (openness of the platform), but will need to execute on the second (multiple devices) and the third (multiple carriers), to be seen as offering a significantly different alternative to the other players.
Google’s Chrome browser isn’t that innovative other than its javascript performance, but it could be a very interesting piece of the puzzle when combined with Android. Google Gears, Google Gadgets, seamlessly running between Chrome and Android would be killer. Imagine developing Android apps and deploying seamlessly either to Chrome or Android, especially since Android will support Chrome. It’s a heck of a better proposition than having to create a native Blackberry or iPhone application, and it could be that Google pulls off what Apple was hoping to do in the first place by suggesting that developers target the browser as opposed to the native device itself.
In any case, I found the announcement that VISA will support Android a particularly interesting one. Why could they not have done this for the Blackberry a long time ago? The iPhone seems more like a consumer gadget, so it’s possible that Google will move into the “serious” device category even if it’s questionable if that will include the enterprise.
I am no fan of Exchange, but there’s a lot of inertia there, and as tempted as I am by gMail and Google Apps even for the enterprise, the thought that one day all of my or my company’s email in theory could just disappear randomly, is a total non-starter. At least with on-premises solutions I can know, for certain, that my email is physically somewhere and there is 0% chance that I will lose it all. Having been told by the head of Google’s Enterprise App division that they will never, ever, support appliances or virtual appliances, sticking with the multi-tenant model in every case, I can’t consider them a serious contender in the enterprise.
That leads to the other question about the openness of Android. I will begin to tinker with the SDK soon, and it will be interesting to see how clearly it can be de-coupled from Google’s network and services. It’s not just about concern about privacy and all that, but also a question of whether it’s both a level playing field and an open canvas for anything that I could possibly dream up.
Filed under: Uncategorized
I attended a very interesting panel discussion yesterday evening called “An Evening in the Cloud” at the Enterprise 2.0 Conference at the Westin on the Waterfront in Boston. It was a sort of conversational panel between vendors of cloud computing platforms (”Cloud Players”), namely Google, SalesForce.com (through Force.com), and Amazon Web Services, and a group of potential buyers (”Cloud Customers”) from several different types of organizations, from both the public and private sectors. The “Cloud Players” each took their turn presenting a compelling argument to the buyers to move their IT infrastructure as much into the cloud as possible, ideally completely. The “Cloud Customers” then had the chance to react by asking the panel questions and bringing up any possible anxieties they might have in embracing this model to such a degree.
One of the main conversation points centered around the analogy to the utility companies and the “power grid”. The idea is that most people don’t produce their own power and for the most part don’t need to, and do better just plugging into the massive national power infrastructure. Another interesting analogy, made by Jeff Keltner, Business Development Manager for Google Apps, relating to the safety and security of data in the cloud, is that driving is much less safe than flying even though it might not feel that that’s what the statistics would show. The sophisticated infrastructure and incredible engineering in the airline industry makes it possible to be much safer than driving, just like SalesForce.com, Google, Amazon and the others have much more secure and powerful IT environments than what the overwhelming majority of businesses can match.
So I guess controlling and maintaining our own private data is like driving cars. :) I don’t know which I would pick if I had to choose only driving my own car or flying in airplanes (neither really, maybe this once it can fly), but overall I think the argument for cloud computing is sound. There is undeniable momentum towards the utility computing model, and the adoption numbers for Google, SalesForce.com, and Amazon as major players in this space is staggering. Despite the fact that they all have different approaches, with Google and SalesForce.com pursuing a multi-tenant model much more than Amazon as far as their cloud platform story, they are all strongly committed to cloud computing and often consume each other’s services either indirectly or through direct partnerships.
I absolutely love the idea of cloud computing. I want the big “Jukebox in the Sky”, frictionless commerce, social networking driven by semantic personalization, and the multimedia bonzanza that cloud computing will undoubtedly unleash. However, I still also have some reservations, primarily related to what I think is a huge missed opportunity instead of just the commonly-raised concerns concerns around security, privacy, and reliability. I believe there is one key missing element in the equation that I will get to later.
As far as the power grid analogy, one of the “Cloud Customers” on the panel, Carolyn Lawson, Chief Information Officer for the California Public Utilities Commission, made a funny quip in her talk about how it might not be the most appropriate and convincing analogy given some of the recent history of California’s power grid. Then, Dr. Richard Mark Soley, Chairman and Chief Executive Officer of the Object Management Group, Inc. (OMG®) and Executive Director of the SOA Consortium, mentioned he was actually just starting to his produce power for his own home, and that he saw a lot of momentum in the direction of much more distributed energy infrastructure. In my own recent trip to Haiti, I couldn’t imagine anything except highly distributed solar and/or wind power making much sense in even the remotely near term.
One of the central themes throughout the conversation between the two sides, could be associated with the term Vendor Relationship Management. There was an overarching desire from those consuming cloud computing services, whether individuals or businesses, to have a basic level of control over their own context. Aside from legal issues, of which there are plenty, there were a string of comments related to concern about the leverage that such companies would have over pricing and abrupt changes in privacy policies, especially in the event of acquisitions and leadership changes. One audience commenter brought up the Patriot Act, which the cloud computing vendors freely admitted is causing them some grief in providing services to an international audience.
As part of introducing myself and my company to any participants of the conference who might be reading this blog, I would like to offer my own analogy to help frame the debate that is centered around encryption. First, for some background on our company, we recently released an Open Source web browsing and searching product called SupraBrowser. It’s a browsing, research, and messaging system used by a number of financial services companies in Boston. We use it ourselves daily for our development and other types of collaboration. One of it’s core attributes is that it’s based partly on a distributed security algorithm called the Secure Remote Password Protocol that reduces or eliminates the need for a central trust authority in all communication traffic.
Additionally, we will be launching shortly a distributed web service called dealtac.com. It’s an exclusive social network for deal makers and connectors, which allows users to monitor and mine their email, bookmarks, feeds, and documents for personal connections from their existing business social network of contacts. Users can also collaborate through a real-time messaging system and leave comments about their contacts.
From what I’ve learned through the odyssey of building this company, I think it’s incredibly necessary to provide a personal, private context to individuals in “the cloud”, and that the absence of this core artifact will severely hamper the success of cloud computing regardless of its early adoption. One of my most interesting conversations of the night was one I had with Jeff Keltner from Google. At one point in the earlier debate, when the potential buyers all really started harping on the issue of privacy, Jeff was the first to mention encryption as a practical way to maintain privacy in the cloud. If you encrypt your data before storing it, it remains adequately private for the majority of cases. This is true, as long as you don’t access it while it’s still in the cloud, but I think encryption itself provides the best analogy for why the “multi-tenant” approach can and should only work up to a limited point.
The very fact that encryption can be mentioned by him in the context of being a raw, foundational element to build privacy and trust upon, actually proves my point. If the US (or any other) government demanded the inclusion of a “skeleton key” for all encryption protocols and programs that only they had full access to, not only would the security be much, much weaker, but also people wouldn’t trust it nearly to the same degree. Even if a government or other central body employed the vast majority of cryptologists and mathematicians in the world, people would still trust a transparently developed algorithm with no known backdoors and known ways to cheat the math more than a closed algorithm. The fact that Google has “root access” to it’s users’ data is the equivalent of maintaining root access to an encryption algorithm.
All the cloud computing vendors in some way mentioned trust as one of the most important elements in their relationship with their customers and users. So, when Google or another cloud platform company denies the need for a place in the cloud that can contain completely private data with no known way for anyone other than the individual to view it, even in theory, while still having all the positive attributes of cloud computing, i.e. more secure, redundant, accessible, and mobile, it’s quite disingenuous and practically the same as if they provided an encryption “service” with a backdoor for the “governing” operator.
The panel was actually incredibly well run and conceived overall, and it was part of a fascinating and important dialogue going on around cloud computing that ultimately touches on deep issues of trust, governance, self-determination, and even sovereignty. I look forward to continuing to be a part of the dialogue and trying to transcode our own privacy policy into the architecture, algorithms, and software code of our products and services as much as possible.
So, which would you want? To be stuck in “the cloud”, or to see a sky full of clouds? We have presented our version of the sky and have only just begun in our quest for what perhaps might be called “Sky Computing”. Since it’s open like the air, we welcome all breathing collaborators. :)
Posted on October 3rd, 2008 by David Thomson
No Comments »