I spent most of the day on 16 September 2010 attending the various cloud computing sessions. My interest is personal because of the knowledge gain from the DiploFoundation course and also professional because the OECS Regional E-government Project contemplates the utilization of cloud computing to deliver e-government services. This report outlines my understanding of cloud computing and its applicability for developing countries.
The simple definition of cloud computing is the movement of a computing or storage function away from a locally controlled computer system and onto an operator’s servers in the internet cloud. Clouds are used for the provision of business, government and consumer services. An example of a consumer service is Flicker. They can be public, private or hybrid of public /private.
Cloud computing is the latest innovative trends in information and communications technology. The popularity and provision of these services are fast growing because of the many benefits such as:
· Reduces the opportunities for security breaches by providing security monitoring systems, backup of data to diverse locations, automatic security patch applications, encrypted internal information distribution, conduct regular security audit of third- party providers and have processes for minimizing internal security threats.
· Allows users to access applications and data from anywhere at anytime and offers cost-effective data centre security.
· Businesses save money and improve reliability by outsourcing to cloud providers, example the OECS Utilizes Google as our e-mail provider. This reduces the cost of having a dedicated machine and a large support staff.
· New startup companies can compete with other players by focusing on the development of products and services rather than back office services.
· Promotes of Innovation and competition
Despite the many benefits, studies have shown that companies are unwilling to place their mission critical application on cloud servers. Therefore most are using the cloud for non critical information. The major risks associated with cloud computing are:
· In adequate legal framework associated with privacy, data retention, jurisdiction over the data/ information, bankruptcy, data portability, encryption and dealing with intermediaries.
· Aggregation of large volume of data is perceived to create vulnerability to cybercrimes.
· Difficulties with assessing cloud providers
o Inadequate human capacity
o Lack of standards
o No third party security validations possible
o Difficult to determine who has responsibility for the data /information
· Unreliable services due to unreliable telecommunications network.
· Possible risk to free speech where governments want to have control content or law enforcement request information about the users.
Solutions to combat risks
Many industry players are of the view that there is need for a multi stakeholder approach to combat against the risk associated with cloud computing. The proposed solutions are:
· Ensuring a genuine single market
Ø Creation of a digital market for digital services in geographical areas
Ø Harmonized and coherent legal regime to govern contracts, data security, privacy, confidentiality, flow of data, access and retention.
Ø Creation of Industry Standards and practices.
· Greater transparency about the privacy and security practices
Ø Provide information on privacy and security practices to the users
Ø Ensure users receive more and better information about how their data is stored, processed and made available
Ø User feedback to security and privacy protection solution vendors
· Enhance security in the cloud
Ø Strong deterrent through criminal and civil enforcement with meaningful penalties
Ø Legal framework with information sharing of technical expertise between the public and private sector.
Ø Ability of law enforcement to team up and exchange information globally.
Ø Utilize risk based information security program with detailed security controls that mitigates risks
Ø Implement an operating compliance framework
· Resolve sovereignty issues
Ø Resolve rules governing access to and jurisdiction over user content and data.
Cloud Computing in China
The number of new Trojans grows at a rate of ten times a year. The company 360 was formed in China in 2005 to provide an alternative to deal with the Problems of Antivirus Technology which are:
· Excessive Resource requirement jam the system
· Slow san speed, slow signature update
· Easy anti-virus before threat patched
The 360 Cloud Security Architecture is as follows:
· 300 million users community for new threat discovery
· 50 billions of queries a day
· 3 million new Trojan discovered every day - 30 second update for each users
· 10,000 servers for Trojan identification and query service
360 provides users with
· Light touch solutions that do not jam their system
· Is 10 times faster than traditional anti-virus
· Dual engine in used in the 360 Antivirus framework; a cloud security engine and signature engine
· Explicit information upload
· Only upload executables
· Trustee of source code for inspection and questioning of privacy violation
· Join IAPP – Privacy Protection Association
Feasibility of cloud computing for developing countries
People in developing countries are using cloud services at the personal level. The utilize services from Yahoo, Google, Flicker and social networking accounts. Most of which are free. However at the corporate or the enterprise level, cloud computing does not seem attractive because of the risks highlighted about not also the challenges that exist in developing countries.
These challenges include
· Availability – Issue of access, stable connectivity, low internet and computer penetration rate
· Affordability – Given that most of the cloud services are offered in the United States can organizations afford the bandwidth necessary for reasonable throughput and the provision of quality service.
· Security and Privacy – Basic legal framework for electronic transaction, data protection and privacy, cybercrime, interception of information, data retention
· Technical Capacity – to understand the cloud environment and services including ownership of data.
· Lack of trust for on-line transactions, e-commerce and e-government
Cloud providers are primarily located in the United States, therefore the customer will have to bear the cost for the international traffic to access their data. In order for cloud computing providers to establish data centres in developing countries, the venture must be financially feasible and guarantee a reasonable return on investment. Developing countries may not have the critical mass required to attract operators to relocate to their region.
Cloud computing is a new and evolving. There are benefits however there are also numerous risks. Therefore the majority of enterprises are placing non critical information in the cloud. A multi stakeholder approach is needed to mitigate against these risks and to find a solution for the provision of cloud computing to the developing countries.