Sunday, 20 September 2015

Cloud Computing?

Are we really ready for cloud based applications and data? In this blog, I am gong to argue that we are not. I have a number of concerns but the primary ones are network reliability, security, and data ownership. These issues are often not discussed and there is an assumption that because we can do it, it is what we should do.

The push toward mobile applications on tablets and smart phones has increased our dependence on the internet and the cloud space. Most apps for smart phones or tablets are downloaded to the device but many depend on a data connection or if you want to share data then the cloud comes in to play. Purchasing apps is cloud based. All this works reasonably fine when the data is also stored on the phone or when there is a reliable data connection.

My experience is that I can't guarantee a reliable internet connection everywhere that I might want access to my applications of data. The only places that I am confident of a connection is my home, those of friends, and the wired connection in my office. Wireless connection in large public buildings such as workplaces is problematic. This includes some workplaces that claim some level of dependence on network access. Being dependent on a cell connection is still totally unreliable and the speed is still too slow for any data intensive application. When travelling, wireless access in hotels proved unreliable to the point that we treated it as none existent. Even at a conference venue, you had to be in the right places to get a reliable signal. Supposedly, these are in first world locations so what of the options for other nations? If the assumption of the design of our applications and data usage is that we have reliable network access then I would contend we are not in that position yet.

My second concern is security. From the level of spams that I now receive, I am not convinced of the security of our data networks or servers. Many running servers don't seem to understand issues of ethics or data ownership. As a user, I don't want to have to be verifying the security and ethics of every server on the network but the nature of the internet is that the user doesn't control the path of messages nor their data once it enters the cloud. The routing is dynamic but we want to be sure that the nodes or severs that our messages are likely to pass through are secure. We also want to know that systems that we become users on are not sharing our data with those whom we don't want it shared with. Personally, I have no confidence in many of the social networks or of many other services offered on the internet. It seems to be too easy for anyone to obtain and misuse personal data.

Another aspect of security is access to systems within our home. I have tried to ensure that our internal systems are not accessible from outside the house. The router is the gateway but it should be for us to reach out into the internet and not for others to reach in. Supposedly, the firewall stops others reaching in. I am conscious that our network and cable TV provider seem to be able to reach in and manipulate the router and TV box. If they can manipulate the router, can they also see what devices are attached and from that reach the devices. Although the firewall restricts access, it won't stop someone who has access to management functions on the router.

This comes to my third concern, and a reason why I reject the internet of things, is the question of whose data it is. We installed solar panels and the installing company installed power monitoring equipment. The selling point for this monitoring system is that I can access the generation, import, export, and usage data from anywhere but who holds the data and who else has access to the data? We don't hold the data. In fact, we have no direct access to the raw data. We can download data after the fact but I have discovered that last year's data was deleted from their servers before I had ensured that we had a copy. It wasn't our decision to delete it. The decision was made by the supplier of the system. At the moment, the data is so unreliable that anyone else having access does't have accurate data to work from but should they have access to the data in the first place? My investigations of smart energy metering suggest the same applies. The energy company sees the data as their data primarily for billing purposes. Our access or use of the data is secondary. Yet that data is related to our generation and usage. Shouldn't we be given at least equal access? Yes, I can see that the energy company wants to ensure that the data cannot be manipulated but why can't we have access to it to manage our energy usage? More importantly from my perspective is why can't I get access directly to the data rather than pulling it back in form the cloud.

If I am using cloud based applications, where is my data stored? If it is on the cloud then who manages that data and ensures it is backed up? Do I have the ability to define the backup cycle and what access I have for recovery of files from backups. If I don't have access to the backups run by the server provider, am I able to backup the data onto my own local systems? Can I get the data in a form that I can do something with it? It is my data and I want to ensure its security but I may also want to do other processing of that data to obtain different outputs. Can I trust companies who operate for commercial gain to keep my data secure and in a state that only those I want get access to it?

If you get the impression that I don't think we are ready for cloud based computing, you are correct and I would say that I am only scratching at the surface of the potential problems. Those promoting cloud based computing have a long way to go to convince me that I should rely exclusively on cloud based applications and data.

No comments: