According to yesterday morning’s ABC Radio National show, cloud computing will pose a danger to your on-line privacy and security with people able to read your email, see what web sites you’ve visited and reconcile your on-line activities, banking details and buying habits. We’re also going to hear a lot about cloud computing in the coming months because Google have just released their latest product, Chrome.
That’s what I understood from the show. I’m not entirely sure how Chrome fits in to the equation, but I’ll get to that later.
So apparently cloud computing is a system that allows applications to run “in the cloud”* where all data is accessible by Google. The presenters did single out Google but added that other cloud computing providers could also access any data in their part of the cloud.
Experts were also quoted as being concerned about the security of the data in cloud computing environments as, not only does the user need to trust the application developer and maintainer, but any other third party that the application hosting is reliant upon. Currently people only need to worry about the software producers as all data is stored on your local computer.
I think there’s a massive amount of confusion here, or perhaps I’m the one that’s confused.
Let’s examine my view of what cloud computing is: computing power that resides “in the cloud” and isn’t dependent on one piece of hardware. I’ll flesh that out a little.
* Just a comment of “in the cloud” - in network diagrams “clouds are used to represent networks external to the one pictured for the purposes of depicting connections between internal and external devices, without indicating the specifics of the outside network” [wikipedia]. Generally this refers to the Internet.
In the beginning there were servers. Real, physical boxes that ran an operating system. They would be web servers, database servers, email servers, and so on. Some servers would provide more than one function, offering web, database and email hosting, for example. People had the choice between having their own dedicated (physical) server or hosting in a shared environment where multiple clients’ web sites were hosted on one physical box. The latter option was much cheaper but also provided less flexibility in terms of server configuration for the end client.
Then there were virtual private servers. Imagine a physical server that contains multiple virtual servers. Each virtual server has its own operating system, its own disk space and can run its own programs. This provided the functionality of a dedicated server at a fraction of the cost.
Now imagine having a virtual private server but you don’t know where it is. You don’t have a concept of it residing on a physical server - it’s simply out there “in the cloud” somewhere.
That is, in my view, cloud computing. Removing the “isn’t dependent on one piece of hardware” part of my definition would make any server fit the description of cloud computing.
So why are all these people concerned about cloud computing being such a threat to privacy? Cloud computing will allow web-based applications to scale more readily to demand, so perhaps more web-based applications will be hosted in a cloud computing environment. Perhaps it’s also because Google’s online applications (Docs, Calendar, Reader, etc.) are perceived to run in a cloud computing environment and that Google are the custodians of your data. Together with their Adsense technology, it’s assumed that Google know everything about you.
The dangers are, of course, already there. I use Google calendar for all my appointments, so they know whom I know, where I’ve met them and when all my friends’ birthdays are. My news reader of choice is Google Reader. I use Twitter to share my current actions, feeling, learnings, rants. Technorati and Google Blogs index my blog. I used to use Saasu for all my business accounting and billing. Running these applications in a cloud computing environment is not going to make these data any more reconcilable than they already are.
One example given of the privacy concerns was that people will now be able to read your email and see which web sites you’ve visited. Well, I can (but don’t) read all my clients’ emails - they’re stored on my server. My ISP can see every web page I’ve requested (and most of the time its contents) and probably passes that information to Hitwise. Google Analytics knows a fair amount of where I’ve been and what I like.
Caveat lector: I have not managed to determine what Google’s policies are on data stored on Google’s App Engine. If you know, please add a comment to this post.
In my view this is all hype about nothing. We’re no less secure than we were before. The goal posts have not moved, we’ve just been given a different playing field in which to kick our balls around.
Given my near-paranoid tendencies when it comes to security and privacy, should I be worried?