Do you believe in cloud?

Do you believe in cloud?

Summary: How do you know you are getting promised cloud services? You don't, according to researchers.

TOPICS: Storage, Cloud, Security

What is needed to verify cloud service level agreements? Is faith enough?

Authors Sara Bouchenak, University of Grenoble, Gabriela Gheorghe, University of Luxembourg, Gregory Chockler, IBM Research UK, Nuno Santos, Max Planck Institute, Hana Chockler, IBM Research Haifa and Alexander Shraer, Google, discuss this in a recent paper Verifying Cloud Services: Present and Future (pdf).

The authors note "As far as we know, no clouds adequately address service performance and dependability guarantees. . . ."

But is isn't just performance and dependability. There's more.

Is the service functionally correct? Is the performance meeting SLA requirements? Is the security level sufficient and does it meet the cloud vendor’s claims?

The authors identify for specific areas where more information, independent of cloud service providers, would help consumers and enterprises.

  • Trusted software and server identity. Is the service running the right software over the right set of servers?
  • Functional correctness. Once the service is up is it doing what it is supposed to do even as the specific physical servers and network configurations are changing?
  • Performance and dependability. Is it meeting performance and availability requirements? If not, why not?
  • Security. Does the service comply with stated security policies?

This is not theoretical. For example, it has been demonstrated that it is possible to manipulate the identities of virtual machine images to attack consumers on Amazon’s EC2 service. If something can be hacked, or misconfigured, it will be.

The challenge
There are few available techniques to verify cloud service integrity in a scalable manner. Configurations change without notice. Software updates, physical servers, network routers and more are not controlled by users.

And that’s assuming everything is working as planned.

For example, cloud storage. We may be reasonably certain that bulk data is consistent from one user to the next. But what about updates? How can users be certain that updated data is available promptly to authorized users?

Or encryption for data at rest? How do we know it is encrypted? That the encryption process is secure?

Given varying national laws and surveillance programs, how can users know where data is physically located? Where are the audit trails that can show regulators or plaintiffs that no laws were breached?

The Storage Bits take
This paper is sobering because it shows how primitive current tools for verifying cloud services are – if they exist at all. It isn’t even clear that cloud providers themselves know if their promises are kept.

Cloud services are now an irreversible part of the IT infrastructure. But lacking accountability it is inevitable that abuses will occur.

Comments welcome, of course. Okay, you can't prove you're getting what you pay for. Do you care?

Topics: Storage, Cloud, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Good points

    I've been waiting for an article like this. I don't put much trust in the cloud--partially for reasons of privacy and security, partly because I deal with huge files, and also for many of the reasons you cite.

    I worked for a large corporation that moved our servers from our own building to another building on the other side of the country. I suppose they thought the speed of light had been repealed and they were mystified that our performance went into the toilet. They settled on a solution that involved a sort of cache-server on our site with permanent storage in a central area. While not quite as good as a pure local solution, it was a big improvement.

    Seems to me that you might be able to accomplish something similar with a dedicated NAS of some sort. You'd have largely local access to programs and data, only accessing the cloud when you needed something new. Your own data could flush back to the cloud as local bandwidth allowed. Many of the issues you've mention aren't addressed by this, but at least performance wouldn't suck as bad.
  • The cloud issues you discuss, and more, make it untenable for us.

    It is more than just ensuring that you got what you paid for.

    Sadly there are many such issues with the current state of "the cloud". It is basically an offsite-based network computing solution -- and carries the same problems that have always plagued that model.

    The data is held by someone else, under their rules, and at their location. It is accessible to you at their whim.

    If their site gets hacked, all your proprietary data is in someone else's hands... along with any market advantage all that research and development may have provided to your company and your customers and shareholders. If the network goes down, you can't conduct business. If a government (be it domestic or foreign, depending upon their host location) seizes their systems, your data is lost. If they go out of business, you do too.

    All of this doesn't even touch on the risk of that data being corrupted and/or lost if their systems fail and their back up solution isn't as robust as their sales-weasel led your CIO to believe.

    Finally, read their service level agreement. Yeah, really read it. I will wait...

    They are not responsible for anything. Of special note is the fact that service outages which could cost you hundreds of thousands of dollars an hour are handled by a "time refund" which only extends the contract by the amount of time your service was unavailable. That is worthless. Our profit margins in this economy are thin. Being down for an hour could be the difference between making a profit and incurring staggering debt. Being down for a day would probably result in lost contracts and that would cause layoffs of staff -- perhaps even leading to a death spiral for the company.

    Considering the risks, not just of false advertising and potential under-delivery of services paid for, maintaining an IT staff and data center doesn't seem that expensive.

    • Mr. Doe: Have you ever heard of ...

      the idea of one big basket for all eggs? I'm sure you have, yet neither you nor the author addresses this issue, in my opinion, and it is the fundamental advantage of cloud computing. If:

      -- all your production machines are virtual
      -- you are keeping block-level incremental backups at the hypervisor level of all VMs in multiple locations (including in your own company's facilities)
      -- you have redundant contracts with several datacenter operators in different physical cities with multiple dark fiber connections
      -- you can spin up VMs at rest at multiple locations, all of which have RTOs and RPOs measured in minutes, and/or you use fault tolerant VMs in a metro network configuration for the really important stuff

      then you have a MORE robust software enterprise suite than you can possibly have at one or even two physical locations under your own control. Of course, one datacenter could get sloppy and allow someone to access/hack/steal a VM... but that's also the case at your own location(s)! Are you motivated to apply access & security best practices to protect yourself? Obviously, you are. Datacenter operators are even more motivated, because they can so easily lose your business and their reputation. Is there a way to "stress test" their ability to meet your needs, in the same way that you can go around yanking power cords and sticking virus laden USB drives in sandboxed servers in your own facility? If you talk with them, I bet you can find operators who would be glad to set a sandbox or two up for you.

      In sum, the arguments you list AGAINST the cloud can be turned right around against your own server room, whereas the huge advantage of the hybrid cloud (your stuff + their stuff) can only be trumped if you go out and build/buy your own datacenters. Of course, if you're the NSA or DoD, you have the budget. Otherwise, maybe not...
  • I believe in cloud architectures ...

    ... but I wouldn't trust any of the incumbents as far as I could throw a datacentre.

    OK, I do trust them: to keep the vast majority of the benefits of technology advances to themselves and their shareholders.

    I liken the move to the cloud as entrusting my children to a convicted paedophile.
  • cloud

    is that the British spelling?

  • It's called evolution

    We don't know what we don't know. We're going to find out, though. And service agreements and such will evolve as the cloud market does. Also, reliability, dependability, and up-time are all important, but security (data protection) is still more important in most scenarios (eg, the enterprise) if you consider that most cloud services today are fairly reliable (with a few exceptions, of course).
    • Unless it Fails which case it is merely called a mutation.

      Potential improvements aside, I cannot see how the cloud can ever avoid presenting an additional layer of security risk that self-contained LANs do not. Of course the cloud can potentially decrease risks surrounding business continuity, but then you're also dependent upon the continuity of a third party as well.
  • I am not buying into it.

    So, what happens when the internet is down. All you have is a paperweight. Sorry, I want all of my software on MY computer. The ONLY reason for the cloud is profiteering. Software companies (naturally) do not want people stealing (pirating) their software, and this is a way to prevent that. The cloud is for the good of the corporation, and not for the good of the people.
    • Agreement (sort of)

      With several machines that I use I like the cloud as a means to synchronize those files I want to keep current on my PC, Laptop and Communications Device.

      But everything's primary location is on my machines. What's sync'd is minimal.

      Yep there is a security issue, but I am like one ant on one ant hill in one field and anyone that targets my stuff will surely find they wasted their time.

      Finally, the point on internet being down is not as big as The Power Being down. Broad Power Outages are far more prevalent.

      So I do agree (sort of).
  • the big one is availability

    And it strikes me that that one is fairly easy to capture - they either have your site up with a uptime that matches their PowerPoint, or they don't. You can log that in your app.
  • We are all customers of "the money cloud"

    We all trust our money to a third party (a bank), but yet we don't trust our data to anybody.
  • Live by the cloud, die by the cloud

    enough said.