Introduction
Cloud computing is an information technology development that has started to get shape in the sixties, but in 2009, it has picked up pace progressively when Google introduced the browser based enterprise applications. Cloud computing is promising responsiveness, effectiveness and substantial cost efficiencies in information technology service delivery. However, many obstacles confront cloud computing progress such as security, ethical, legal and social issues. To reap the above benefits, this paper will define cloud computing, describe the benefits, clarify the top issues facing this technology and provide policy recommendations to advance the technology further.
In 2008, Farber quoted Larry Ellison, president of Oracle, demonstrating cloud computing:
"The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do. I can’t think of anything that isn’t cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women’s fashion. Maybe I’m an idiot, but I have no idea what anyone is talking about. What is it? It’s complete gibberish. It’s insane. When is this idiocy going to stop?"
This cynicism and concept is in contradiction with Hartig (2008) definition: “virtualization of resources that maintains and manages itself,” or Nigel Waters’ of George Mason University (2009): “information process in which computing needs are provided as a service, including data and software applications.” Most notably, the work of Buyya, Yeo, Venugopal, Broberg and Brandic (2009) has consolidated other works of twenty computing researchers and practitioners and summarized the definition into: “A Cloud is a type of parallel and distributed system consisting of a collection of inter-connected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resource(s) based on service-level agreements established through negotiation between the service provider and consumers.” This definition encompasses the use of network, hypervisor technologies, data processing, data control and legalization, and flexible contracting to subcontract information technology services. It also differentiates cloud computing from other IT technologies such as clusters, grids or similar paradigms.
Figure 1. How Cloud Computing Works
Source: Strickland, J. How Cloud Computing Works. Retrieved February 24, 2011 from: http://communication.howstuffworks.com/cloud-computing.htm
Figure (1) illustrates how an organization’s client computer can access a remote storage database, start a remote application or even communicate with other computer on the network.
Benefits of Cloud Computing
The previous cloud computing set up provides many benefits to service providers and user organizations through public or private clouds. Service providers profit from their services and balance services’ supply and demand in the market (Buyya et al. 2009, p.601). Users can cancel the service at any time, reduce or eliminate internal IT services (and thus reduces IT costs), remotely access the cloud from anywhere, and increase sustainability and scalability. Cloud computing is a user friendly, a more green technology, convenient, elastic and transparent (Anthens 2010).
However, within the above benefits lie many thorny issues. Users are concerned about ethical issues of privacy risk, the legal issues of intellectual property rights, security issues, and social issues of trustworthiness. The following section will clarify these issues.
Ethical Concerns
Cloud computing is hailed with many risks related to data use, disclosure, and disruption. According to Wittow and Buller (2010), thirty five percent of internet users said in a survey that their privacy was violated. Svantesson and Clarke (2010) claim that privacy laws sometimes are very vague such as in the case of Google’s docs. Google provides third party gadgets to users allowing third party to handle personal data. Google does not consider data on the public domain as private. Its privacy policy may change sometimes without notifying the user. These policies are always in favor of the provider. Finally, these are legalization differences with user data transfer across borders in the case of Facebook in Germany and Google maps in China.
Legal Concerns
As discussed above, existing laws has not kept pace with cloud development. Wittow and Buller (2010) argue that as the cloud services become more complex, providers must reflect this in their privacy, copyright and security policies. Some of the currently pending cases with the Electronic Privacy Information Center (EPIC) files against the provider include unauthorized publication of Gmail subscriber contact lists (Google), information collection about users’ web browsing activities (Facebook), data shared with researchers (Netflix, Inc.), and change of privacy policy allowing access to personal information (Classmates Online, Inc.). From the above, it is envisioned that claims will be on the rise as cloud computing progresses further to the satisfaction of the user. However, the user needs to be aware and address cloud security issues.
Security Concerns
Foster et al. (2009) notes specific cloud security of sensitive data access, data segregation, privacy, bug exploitation, recovery and accountability. Zissis and Lekkas (2010, p.5) categorized cloud security threats into account control, malicious insiders, management console security and multi-tenancy issues. There is a lack of standardized definition in categorizing cloud security in order to address them properly, but most practitioners agree that virtualization is the primary solution to cloud security issues. However, Armbrust et al. (2010) goes further by saying that users will not revert to engineering solution to fix cloud security bugs but rather go to courts, a much easier solution. Others like Athens (2010) and Zissis and Lekkas (2010) propose solution to various cloud security issues through cryptography, particularly public key infrastructure (PKI). Armbrust et al. (2010) presented many opportunities to develop cloud computing further. These opportunities include the use of multiple cloud providers, standardize APIs, deploy encryption and virtual LANs, improve virtual machines support, invent scalable store, and pay-for-use license.
Social Concerns
International Telecommunication Union (2001) defines trust in a transaction as: “An entity A is considered to trust another entity B when entity A believes that entity B will behave exactly as expected and required.” The user considers a provider as trustworthy if its services are reliable and accurate. This sense of value stems from provider’s moral integrity, expertise knowledge, excellent security mechanisms and fulfillment of its obligations mandated by its policies and contracts (Wittow and Buller, 2010, p.6). Conceivably, the most important factor to users is a transparent security and hosting practices (Cervone 2011).
Summary and Recommendations
Cloud computing is here to stay. It houses huge benefits to users like responsiveness, effectiveness and efficiencies to services but is also marred with many issues such as privacy, trust, security and legal issues. These issues are intertwined and cannot be separated. Providers must address them together to be successful. Ethical issues focus on user data privacy policies that are biased to providers. Legal issues clarified that privacy, copyright and security policies need to match the complexity of cloud computing services. On the security issues, it is found that there is no agreement on a uniformity but practitioners consent on a few particular measures to enhance cloud security through virtualization and data encryption. Finally, on the social issues, trust resembled a concern that can be tackled through transparent security and hosting services.
Perhaps the best recommendation to develop cloud computing are;
- Providers increase their awareness on users privacy laws
- Providers need to converge to provide interoperable platforms
- Encryption of user data, and use of firewalls and virtual machines
- Investment in high speed communication networks
- Use of multiple cloud providers
- Ability to scale up or down quickly
References
Anthens, G. (2010). Security in the cloud. Communications of the ACM, November, 53 (11), 16-18. doi: :10.1145/1839676.1839683
Armbrust, M., Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Zaharia, M. (2010, April). A view of cloud computing. Communication of the ACM, 53(4), 50-58. doi:10.1145/1721654.1721672
Buyya, R., Yeo, C., Venugopal, S., Broberg, J., Brandic, I. (2009). Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems 25, 599-616.
Cervone. H. F. (2011). Managing digital libraries: The view from 30,000 feet. An overview of virtual and cloud computing. Information Services, Purdue University Calumet, Hammond, Indiana, USA. Retrieved February 24, from: www.emeraldinsight.com/1065-075X.htm
Farber, D. (2008). “Oracle’s Ellison nails cloud computing”. CNET News, September 28, 2008. Retrieved February 24, 2011 from: http://news.cnet.com/8301-13953_3-10052188-80.html
International Telecommunication Union. (2001). X-509, ISO/IEC, 9594-8. The directory: Public-key and attribute certificate frameworks, ITU, X-Series.
Svantesson, D., Clarke, R. (2010). Privacy and consumer risks in cloud computing. computer Law & Security Review 26, 391-397.
Waters, N. (2009). “GIS, Cloud Computing, and the Internet of Things and Services”. Geoplace. Retrieved February 24, 2011 from: http://www.geoplace.com/ME2/dirmod.asp?sid=&nm=&type=P
Wittow, M., Buller, D. (2010, July). Cloud computing: Emerging legal issues for access to data, anywhere, anytime. Journal of Internet Law 14(1), 4-10.
Zissis, D., Lekkas, D. (2010). Addressing cloud computing security issues. Future Generation Computer Systems. Elsevier, doi:10.1016/j. future.2010.12.006
