7 Dumb Cloud Computing Myths

By Charles Babcock 11/14/2012 You've heard the arguments: The cloud is not secure, costs too much, and
wrecks the environment. Let us set you straight.

Cloud Mythbusting: Security Stinkers, Cost Clunkers,

And More
As I leaf through the pages of my cloud scrapbook, I'm struck by how much valuable ink has been wasted
repeating charges about cloud computing that just aren't true. Each year, sure as clockwork, Oracle CEO
Larry Ellison tries to come up with a new putdown of the multi-tenant cloud during Oracle OpenWorld,
like throwing mud against the wall to see if it sticks. Each year, the results are the same -- splat and slide,
gravity beats FUD.

Let's start with security myths. I've long been interested in the supposed lack of security in the cloud and
concluded that cloud operations are more secure than those of the average data center. That doesn't mean
there aren't a lot of gaps and loopholes when it comes to sending your data over the Internet to cloud
servers; any exposure to the public Internet contains its own hazards.

Data movement to the cloud is not a layup. But the standard of operations at Amazon Web Services,
Terremark, Rackspace, Savvis and others is high enough that you can be assured of best practices on a
more consistent basis than in many enterprise data centers. These centers are also going to be irresistible
targets, and eventually an isolated breach will occur. Achieving security in the cloud is a journey that's just
gotten underway.

I've also heard many critics say there's no definition of cloud computing, because there isn't really anything
new to define. In fact, there is the NIST definition, but I'm inclined to say it's more description than
definition.

1
 7 Dumb Cloud Computing Myths
The heart of cloud computing revolves around a new pattern of distributing computing power, not a new
technology. In this new pattern, the end user has much more control than he used to over a powerful,
remote server owned by somebody else. That control can extend up to the point where he achieves
programmatic control over the server, if desired. Getting that control while engaging in one of the lowest-
cost forms of computing is the heart of the cloud, an emerging relationship between the end user and
publicly accessible data services.

The myths that are most difficult to bust are the ones involving cloud costs. There are many circumstances
where monitoring cloud usage gets away from IT managers. They lose track of what employees have spun
up; at the end of the month IT is presented with a big, surprising bill.

Before any cost comparison can be made, the cloud customer needs to know what specific operations in his
own data center cost--a major research project. Some IT organizations do not have a true measure of total
data center cost.

Explore my list of the top seven cloud myths that continue to bedevil prospective cloud users. Then weigh
in with your opinion by leaving a comment.

Myth #1: The Cloud Isn't Safe

Security of operations is a cloud user's number one concern -- or, at least, tied for first. It's a concern that
will linger as more and more business users take their first, tentative steps with cloud services. And yet,
compared to the average data center, cloud security is both more rigorous and more strenuously monitored
than a heterogeneous enterprise data center's security can be. While there's a known case of a bot
establishing itself in Amazon's Enterprise Compute Cloud (EC2), Amazon detected its activity, determined
that it violated its rules of customer use and shut it down.

2
 7 Dumb Cloud Computing Myths
Payment Card Industry (PCI) compliant operations have been established in the cloud and the most
skillfully secured facilities, such as Terremark's Culpepper, Va., data center or massive Network Access
Point of the Americas data center in downtown Miami, pictured above. They've passed the Department of
Defense's stringent DOD Information Assurance Certification and Accreditation Process.

It may be that users need to access the public cloud via VPN, as merely using the Internet exposes users to
a predatory zone. But the cloud itself will eventually emerge as a more secure environment than the
corporate data center.

Image Credit: Terremark website

Myth #2: Virtual Machines Are Safe

Users of virtual machines (VMs) -- standard features of the multi-tenant clouds -- fervently hope that one
virtual machine can't spy on another running on the same server. But extremely skillful manipulators have
been able to draw conclusions about what's going on in a neighboring VM by watching what cache pages
get emptied out of host memory after the spying VM has taken its turn using the server core. Since the spy
just loaded the cache pages, it knows which data has been selected to be emptied out by the next user. And
that, it turns out, is an indicator of what's currently executing on the processor. Ars Technica ran a piece on
the phenomenon Nov. 6, noting it's extremely difficult to do, but scientists at the University of North
Carolina, University of Wisconsin and RSA Laboratories demonstrated that it's possible to derive an
encryption private key from this process. And there go the keys to the kingdom.

It's not clear to me how the spy VM knows which pages in the shared cache memory are being deleted if
it's in its idle state, but the research shows that it does. It's still a painstaking effort to build a picture of the
code executing, even when you have that information. You have to string together fragments of executing
code over and over again until you get a piece of telling code. But that's what the researchers did.

So far, no one has been able to do this maliciously in a real-world setting -- or if they have, it's not publicly
known. And there are fixes to prevent it. Nevertheless, it's a blow to confidence in what heretofore
appeared to be the virtual server's impenetrable, logical barriers.

3
 7 Dumb Cloud Computing Myths
And the researchers' paper went a step further than simply suggesting cache page downloads were the only
point of exposure. They also indicated that one virtual machine may be able to sense "the magnetic
emanations" signifying types of activity by another. Again, there's no evidence anyone has made use of
these findings in a malicious way, and major data centers may come up with countermeasures before they
do. But no one is quite sure when this information, in the wrong hands, will be used to breach existing
defenses.

Image Credit: Flickr user kellinahandbasket

Myth #3: The Cloud Costs More

My first question for those who believe the cloud costs more is: over what time period? If the cloud allows
you to avoid making a capital purchase, then it will almost always enjoy a demonstrable cost advantage in
the short run. But what about longer periods? This is an argument that needs a case-by-case comparison
and is not possible to resolve in the general sense.

The roadblock is determining precisely how much a given IT operation costs over a three- or five-year
period, versus how much it costs in Amazon Web Services EC2 or other cloud service. If apples-to-apples
comparisons are hard to achieve, what's crystal clear is what Amazon is charging. This enables responsible
IT admins' best estimates to be juxtaposed against known cloud costs.

The main argument supporting the cloud costing more is based on Moore's Law, which says the cost of a
compute cycle is halved every 18 months by doubling output. So why doesn't cloud pricing follow a similar
downward trend? It's because the cloud is a complete system, not just a standalone core or other component
to which Moore's Law might apply. Furthermore, cloud computing provides services -- configuration,
deployment, monitoring, chargeback and shutdown -- that an IT staff provides on premises. It's hard to
assign costs to those on-premises services.

4
 7 Dumb Cloud Computing Myths
So I guess this debate is going to go on. But the cloud is automating processes that remain the charge of
humans in enterprise IT. That alone ought to be a clue where both short- and long-term cost advantages
reside.

Image Credit: Flickr user 401(K)2012

Myth #4: It's Easy To Comparison Shop Clouds

You would think comparing the price of an hour's worth of computing among cloud vendors would be a
simple task. But cloud pricing tables quickly make it clear that the suppliers are not all that interested in
encouraging comparison shopping. Nor are there common measures or shared terminology that would help
establish the comparison.

Each vendor preconfigures server templates with networking and storage, then offers server sizes that
typically run from micro to small, medium, large and extra-large. But nowhere is there a clear definition of
these terms. A small virtual server gets a stated amount of virtual CPU power, but the Amazon EC2 virtual
CPU is different from the Rackspace, Microsoft Azure or Google Compute Engine virtual CPU. One
vendor's virtual server is defined with less CPU but more storage than another's. Load balancing and data
movement between virtual servers is free with one vendor, and incurs significant add-on charges with
another.

Potential cloud consumers get help estimating what their needs might cost from individual vendors. But
calculating a comparison of charges from one vendor to another remains very difficult. Amazon further
complicates the picture by varying charges slightly based on where its data centers are located. Rackspace
competes for entry-level customers; Microsoft competes for developer-oriented customers; Amazon
competes on its head start in building infrastructure-as-a-service and years of in-house usage before

5
 7 Dumb Cloud Computing Myths
launching its public EC2 service. Savvy shoppers understand where each vendor's most competitive
offerings are and buy accordingly.

Myth #5: The Cloud Runs Linux And Windows

Cloud computing for the most part runs on AMD and Intel commodity servers running the operating
systems most common to Intel's x86 instruction set, the basis for its Xeon family and other chips.
Consequently, it's possible to conclude that Windows Server and Linux are the operating systems that will
dominate cloud computing for the foreseeable future. But there are a few exceptions, and one of them may
catch on as an alternative.

HP is producing data center servers based on Calxeda-designed ARM chips for telecommunications firms
and other customers that remain unnamed. ARM doesn't run x86 applications, but it is an energy-
conserving architecture originally designed to power mobile devices. At six watts per core, versus 80-100
watts in the typical Intel server today, an ARM-based data center with hundreds of thousands of servers
would save significant energy -- while also not being able to run a significant amount of software created
for the x86 server world. HP is experimenting with another low-wattage server for the future data center,
based on Intel's Atom chip. It uses only seven watts an hour and does run x86 software.

Then there's the example of Joyent infrastructure-as-a-service (IaaS) running its SmartOS operating system,
a derivative of open source Illumos. The Illumos project was started to create an alternative provider of
Solaris, which became open source code itself in June 2005. In eyes of critics, Solaris ceased to exist as an
open system with the release of Solaris 11 by Oracle in November 2011. Oracle had acquired Sun and
brought the operating system back in house over the intervening two years. Illumos, meant to suggest
"illuminate" from its Latin root, was created by OpenSolaris advocates in 2011 as they saw the writing on
the wall. Joyent's SmartOS version is expected to become more generally available for on-premises and
private cloud use next year, according to company officials.

6
 7 Dumb Cloud Computing Myths
So will ARM or SmartOS replace the predominant Windows and Linux? Not anytime soon. But ARM
offers big power savings advantages for the cloud, while SmartOS offers advanced reliability and self-
healing advantages. Neither system should be counted out.

Myth #6: Proprietary Software Will Rule The Cloud

Somebody's proprietary software -- VMware's, Microsoft's, CA Technologies' -- will ultimately run the
private, on-premises cloud. Or at least that's what that some people believe as they look at the IT manager's
traditional need to have a major company backing and supporting the software.

But, when it comes to cloud computing, there's initiative on the open source code side of the ledger. Three
projects, Eucalyptus Systems, OpenStack and CloudStack, are vying to establish a stronghold with
developers and users, hoping to gain an edge in propelling the cloud forward. Each is innovating in virtual
networking, a laggard in the reorganization of the data center around virtualization. OpenStack's Project
Quantum is rich in virtual networking talent as it captures code contributions from HP, Nicira, Cisco, IBM
and others.

Whether one or all of these projects can gain a rapid leading edge remains to be seen. But if any get the
upper hand in implementing a more fully automated data center, thanks to the flexibility of new virtual
networking services, they are likely to compete effectively with commercial software. The Linux example
has made believers out of many IT managers when it comes to open source. Cloud computing may be the
next place where open source systems match or surpass the proprietary competition.

7
 7 Dumb Cloud Computing Myths

Myth #7: Cloud Data Centers Are Killing The

Environment
It's no secret that new data centers are being built around the world to support mobile devices and cloud
computing. Intel watched what markets its servers ship to and concluded that $450 billion a year was
flowing into new data centers -- "one of the world's more significant capital investments," said Intel CEO
Paul Otellini in October 2011.

That's a distressing development, according to an article in the New York Times Sept. 22 by James Glanz.
The new data centers accelerate power consumption and lead to more carbon dioxide production and
environmental degradation, Glanz wrote. InformationWeek, in response, pointed out that more computing is
being done on less power, and that trend is not yet exhausted.

Furthermore, some of the computing -- say, when you're shopping on Amazon or planning a trip -- is done
by moving bits around instead of moving 4,000-pound cars through cities to bricks-and-mortar stores or
travel agencies. A full energy audit might find that cloud computing is more energy efficient than
predecessor platforms, and many of its activities replace more material- and energy-consuming ones in the
physical world.

Nevertheless, scientists may one day conclude that global warming is producing larger hurricanes on the
East Coast and extended droughts in the Midwest. At that point it's possible to see government deciding
global warming threatens society's survival and future use of cloud data centers must be rationed, whether
that's the right decision or not.

I'm betting the electricity consumed per unit of computing will continue to decline and the productivity of
work accomplished in the cloud will become a strong counter-argument to rationing. But this is an arms
race that many data center architects and foot soldiers in enterprise data centers and cloud computing
centers will have to win.

8
 7 Dumb Cloud Computing Myths
RECOMMENDED READING:

Answers To 9 Questions About Public Cloud Migration

Cloud Myth 101: Cloud Is A Place

Oracle Open World: Key Questions On Cloud Vision

Cloud's Big Caveat: Runaway Costs

Cloud's Thorniest Question: Does It Pay Off?

Terremark Cloud Services Pass DOD Security Test

Will Dell Lead The x86 Data Center Market?

N.Y. Times Data Center Indictment Misses Big Picture

How The Feds Drive Cloud Innovation