Since 2010 he has been working as an independent Advisor specialising in trust and security, with special attention to privacy, identity and trust in the digital environment. He is also Research Fellow at the University of Luxembourg, Interdisciplinary Centre for Security, Reliability and Trust (SnT).
Cloud computing: pitfalls and opportunities
Cloud computing is the buzzword of the day in ICT. There are good reasons for this: businesses need methods for dealing with their ever-increasing data handling costs and the high energy costs for maintaining an adequate IT infrastructure. They also need new business models to profit from the successes of service computing and Web 2.0.
Nevertheless there is a lot of misunderstanding about what exactly cloud computing can do for businesses and what the challenges are, both now and in the future.
The challenges are myriad, including security, reliability, data integrity and sustainability, access management, accountability and privacy.
During the internal seminar, Mr Bus presented the main issues.
‘Not a new concept’
‘Cloud computing is overhyped and nothing new. It goes back to the timesharing model of the 1960s’, explained Mr Bus. At the time, the timesharing model represented a major technological shift in the history of computing by allowing a large number of users to interact concurrently with a single computer. This dramatically lowered the cost of providing computing capability and made it possible for individuals and organisations to use a computer without actually owning one.
Cloud computing applies the same principle. ‘Cloud computing is anything that relates to hosted services over the internet, from infrastructure to platform and/or software as a service’, said Mr Bus. These elements are then sold on demand, flexible and fully managed by the service provider. According to the ‘Gartner hype cycle’, the time for mainstream adoption should be between two and five years.
Out in the clouds
What types of clouds are there? What makes a cloud a public, private or community cloud? Do clouds such as the ones offered by Amazon, Facebook, Google+, Twitter and Yahoo actually offer infrastructure, platform or software services? Who controls the data?
Mr Bus explained the four different types of clouds:
- public clouds, which sell services to anyone on the internet/web
- community clouds, which provide services to a community of users (e.g. patients, architects)
- private clouds, which are proprietary networks and/or data centres for a limited set of people (e.g. an enterprise)
- hybrid clouds, which are a combination of at least one private cloud and/or community cloud with one public cloud.
Beyond this definition, Mr Bus stressed that it was very difficult to understand what types of clouds are being offered by service providers today. At the moment, the basic drawback of any cloud is that no one knows who owns the information that is being stored in the cloud — literally, your information is ‘out in the cloud’. Licences focus primarily on use and low cost, not on property and the higher cost of security.
Security and other challenges
Cloud computing should at least fulfil minimum requirements for security. Mr Bus compares this with the evolution of car insurances, which added liability issues step by step. A cloud provider should also see how to comply with the existing principles of the US-EU Safe Harbor Framework — a complex set of voluntary agreements for trade on the privacy of data and data flows from EU Member States to the United States and vice versa.
In the meantime, Mr Bus advises cloud users to find answers to some basic questions before joining a cloud and uploading data onto it:
- How does the cloud work, for which sector is it conceived (e.g. manufacturing, industry, e-health, government, regions, nations), what are the sectorial strengths and, does it suit my needs?
- Is the cloud I envisage joining compatible with other clouds, i.e. in which language is data stored (e.g. computer-aided design systems, CAT)?
- What happens with my data in case the cloud provider goes bankrupt, where will it go? Is there an emergency plan in place?
Cloud computing in Luxembourg
Mr Bus closed the seminar by opening an internal discussion about cloud computing by CRI. When looking at the basic prerequisites for cloud computing in Luxembourg, the country’s banking secrecy laws pose an obvious obstacle to the utilisation of clouds.
One solution for storing secret banking data could be the categorisation of this data. Another solution might be to push for changes in jurisdiction altogether. ‘In any case’, Mr Bus brings out, ‘the biggest problem of banks is not so much financial data, but archiving signed documents.’ How can the signature process be organised in such a way that daily automated archiving of thousands of documents can be done correctly? ‘If there in one process to be automated, it would be that one’, he concluded.
Cloud computing in the EU
What are the steps taken by the European Commission in the area of cloud computing? Mr Bus explained that as far as general EU policy was concerned, the EU should not focus too much on providing cloud infrastructure. ‘This is a market already taken by the United States. The EU should focus on what it is good at: traditionally this is manufacturing and transport. It should therefore focus on platforms and improve the service and basis of such platforms.’