Enterprise 2.0 and Cloud Computing Conference

Filed under: Uncategorized

I attended a very interesting panel discussion yesterday evening called “An Evening in the Cloud” at the Enterprise 2.0 Conference at the Westin on the Waterfront in Boston. It was a sort of conversational panel between vendors of cloud computing platforms (”Cloud Players”), namely Google, SalesForce.com (through Force.com), and Amazon Web Services, and a group of potential buyers (”Cloud Customers”) from several different types of organizations, from both the public and private sectors. The “Cloud Players” each took their turn presenting a compelling argument to the buyers to move their IT infrastructure as much into the cloud as possible, ideally completely. The “Cloud Customers” then had the chance to react by asking the panel questions and bringing up any possible anxieties they might have in embracing this model to such a degree.

One of the main conversation points centered around the analogy to the utility companies and the “power grid”. The idea is that most people don’t produce their own power and for the most part don’t need to, and do better just plugging into the massive national power infrastructure. Another interesting analogy, made by Jeff Keltner, Business Development Manager for Google Apps, relating to the safety and security of data in the cloud, is that driving is much less safe than flying even though it might not feel that that’s what the statistics would show. The sophisticated infrastructure and incredible engineering in the airline industry makes it possible to be much safer than driving, just like SalesForce.com, Google, Amazon and the others have much more secure and powerful IT environments than what the overwhelming majority of businesses can match.

So I guess controlling and maintaining our own private data is like driving cars. :) I don’t know which I would pick if I had to choose only driving my own car or flying in airplanes (neither really, maybe this once it can fly), but overall I think the argument for cloud computing is sound. There is undeniable momentum towards the utility computing model, and the adoption numbers for Google, SalesForce.com, and Amazon as major players in this space is staggering. Despite the fact that they all have different approaches, with Google and SalesForce.com pursuing a multi-tenant model much more than Amazon as far as their cloud platform story, they are all strongly committed to cloud computing and often consume each other’s services either indirectly or through direct partnerships.

I absolutely love the idea of cloud computing. I want the big “Jukebox in the Sky”, frictionless commerce, social networking driven by semantic personalization, and the multimedia bonzanza that cloud computing will undoubtedly unleash. However, I still also have some reservations, primarily related to what I think is a huge missed opportunity instead of just the commonly-raised concerns concerns around security, privacy, and reliability. I believe there is one key missing element in the equation that I will get to later.

As far as the power grid analogy, one of the “Cloud Customers” on the panel, Carolyn Lawson, Chief Information Officer for the California Public Utilities Commission, made a funny quip in her talk about how it might not be the most appropriate and convincing analogy given some of the recent history of California’s power grid. Then, Dr. Richard Mark Soley, Chairman and Chief Executive Officer of the Object Management Group, Inc. (OMG®) and Executive Director of the SOA Consortium, mentioned he was actually just starting to his produce power for his own home, and that he saw a lot of momentum in the direction of much more distributed energy infrastructure. In my own recent trip to Haiti, I couldn’t imagine anything except highly distributed solar and/or wind power making much sense in even the remotely near term.

One of the central themes throughout the conversation between the two sides, could be associated with the term Vendor Relationship Management. There was an overarching desire from those consuming cloud computing services, whether individuals or businesses, to have a basic level of control over their own context. Aside from legal issues, of which there are plenty, there were a string of comments related to concern about the leverage that such companies would have over pricing and abrupt changes in privacy policies, especially in the event of acquisitions and leadership changes. One audience commenter brought up the Patriot Act, which the cloud computing vendors freely admitted is causing them some grief in providing services to an international audience.

As part of introducing myself and my company to any participants of the conference who might be reading this blog, I would like to offer my own analogy to help frame the debate that is centered around encryption. First, for some background on our company, we recently released an Open Source web browsing and searching product called SupraBrowser. It’s a browsing, research, and messaging system used by a number of financial services companies in Boston. We use it ourselves daily for our development and other types of collaboration. One of it’s core attributes is that it’s based partly on a distributed security algorithm called the Secure Remote Password Protocol that reduces or eliminates the need for a central trust authority in all communication traffic.

Additionally, we will be launching shortly a distributed web service called dealtac.com. It’s an exclusive social network for deal makers and connectors, which allows users to monitor and mine their email, bookmarks, feeds, and documents for personal connections from their existing business social network of contacts. Users can also collaborate through a real-time messaging system and leave comments about their contacts.

From what I’ve learned through the odyssey of building this company, I think it’s incredibly necessary to provide a personal, private context to individuals in “the cloud”, and that the absence of this core artifact will severely hamper the success of cloud computing regardless of its early adoption. One of my most interesting conversations of the night was one I had with Jeff Keltner from Google. At one point in the earlier debate, when the potential buyers all really started harping on the issue of privacy, Jeff was the first to mention encryption as a practical way to maintain privacy in the cloud. If you encrypt your data before storing it, it remains adequately private for the majority of cases. This is true, as long as you don’t access it while it’s still in the cloud, but I think encryption itself provides the best analogy for why the “multi-tenant” approach can and should only work up to a limited point.

The very fact that encryption can be mentioned by him in the context of being a raw, foundational element to build privacy and trust upon, actually proves my point. If the US (or any other) government demanded the inclusion of a “skeleton key” for all encryption protocols and programs that only they had full access to, not only would the security be much, much weaker, but also people wouldn’t trust it nearly to the same degree. Even if a government or other central body employed the vast majority of cryptologists and mathematicians in the world, people would still trust a transparently developed algorithm with no known backdoors and known ways to cheat the math more than a closed algorithm. The fact that Google has “root access” to it’s users’ data is the equivalent of maintaining root access to an encryption algorithm.

All the cloud computing vendors in some way mentioned trust as one of the most important elements in their relationship with their customers and users. So, when Google or another cloud platform company denies the need for a place in the cloud that can contain completely private data with no known way for anyone other than the individual to view it, even in theory, while still having all the positive attributes of cloud computing, i.e. more secure, redundant, accessible, and mobile, it’s quite disingenuous and practically the same as if they provided an encryption “service” with a backdoor for the “governing” operator.

The panel was actually incredibly well run and conceived overall, and it was part of a fascinating and important dialogue going on around cloud computing that ultimately touches on deep issues of trust, governance, self-determination, and even sovereignty. I look forward to continuing to be a part of the dialogue and trying to transcode our own privacy policy into the architecture, algorithms, and software code of our products and services as much as possible.

So, which would you want? To be stuck in “the cloud”, or to see a sky full of clouds? We have presented our version of the sky and have only just begun in our quest for what perhaps might be called “Sky Computing”. Since it’s open like the air, we welcome all breathing collaborators. :)

Personal Cloud and Adobe Air.

Filed under: blogging, cloud, sphere

The New York Times recently published an article about Adobe Air and the blurring of traditional web and desktop application development:

Adobe Blurs Line Between PC and Web

and there is a nice FAQ from Adobe on the differences and advantages of the Air approach:

Adobe Air FAQ

I feel that we have a fairly deep perspective on the differences and advantages of desktop applications vs. web applications. SupraSphere, being first and foremost and new kind of web browser, is obviously a desktop application since it doesn’t necessarily make sense to think of a web browser as an AJAX application. ;)

However, we do have a web-only AJAX version of some of the features of SupraSphere, particularly some of the search and collaboration features. Desktop applications have a few distinct disadvantages, around management of updates, stability, and often privacy, where many people have gotten burned by desktop applications infested with spyware and adware. Furthermore, web applications are quite often much easier to use since all you can really do is click. The richness of certain interfaces, whether in Flash or on the desktop, often make it harder to use the applications because people often have a hard time learning new interfaces. Browser applications are often popular because it provides a “paradigm sandbox” where you can click and go back, often can’t “right-click”, and can’t bury too many options too deep in menu structures. Most people can figure out Flash navigation on a website, but as soon as you start developing applications in Flash, people are going to start to get lost.

As far as Adobe Air, it seems that the major innovation is that Adobe Air allows an application written with web technologies (javascript particularly) that uses a RIA Flash runtime, but that can operate on local desktop data, which also implies offline access. This is definitely interesting, but we have taken a different approach to unifying the web and the pc.

Our goal is to create a “personal cloud” (see the reference to “kevincloud” in the NY Times article). Ideally, this would involve multiple servers (or virtual servers) configured as peered instances, where all data is replicated across instances hopefully across data centers. This would provide automated backup and redundancy so that a person’s entire data environment is not dependent on any given provider, and we might look into a default configuration being an encrypted disk (with only one service on one port running to provide suprasphere services), so that if a virtual machine instance was “lost”, it wouldn’t be as huge of a privacy concern.

Then, all devices (including personal computers) would provide a view of the data stored in this “cluster” of personal servers. In addition, these systems will not be single-user. They are inherently network aware and multi-user, making it possible to collaborate inside with other individuals or groups, but where the underlying architecture will be distributed.

Essentially, rather than trying to move web applications back to the PC hard drive in order just to provide richer interfaces and private data access, we are trying to provide the equivalent to the PC hard drive that “lives in the cloud”. This should provide all of the attributes that people associate with cloud computing, such as data reliability and high availability, API’s for services integration and re-purposing, and multiple views of data from different interface mashups. In fact, it should accelerate these trends by providing a starting point for web services that are private to the individual and highly personal.