CloudWashing

Chris Cruz made it clear during his guest lecture that the government of California is interested in stepping away from the public’s notion of an institution that is outdated, inefficient and boring. Changes listed to enable this metamorphosis included many that mirror technology companies in the private sector including compensation, cubicle-less open offices, a focus on work life balance, and adopting new technologies such as virtual machines and cloud technology.

As the Government races forward to take advantage of burgeoning technologies and compete with the private sector however, they must be wary of some of the pitfalls that plague it. In particular, I am interested in “Cloud Washing”, a term which “refers to vendors’ and service providers’ exaggerated marketing, where they label a product as ‘Cloud’ even when such designation is either completely false or at best, jumping the gun on a future capability”. [1]

What Is the Cloud:

In order to understand the term and it’s effects, one must dive deeper into what the term “cloud” actually means. According to the NIST definition something deemed to follow the cloud model has a number of essential characteristics [2]

On Demand Self Service : A consumer can unilaterally provision computing capabilities.

Broad network access: Capabilities are available over the network through standard mechanisms.

Resource Pooling:Computing resources are pooled to serve multiple consumers.

Rapid Elasticity:Capabilities can be elastically provisioned and released.

Measured Service:Ability to control and optimize resource use by leveraging a metering capability.

Furthermore, while the multiple service models of cloud services are fairly well known (software as a service, platform as a service, and infrastructure as a service) the differences between deployment models are often glossed over or ignored when referring to “the cloud”. The official NIST definition (and also private vendors like Microsoft [3]) define four deployment models with what is likely the most recognizable being a public cloud, where the “infrastructure is provisioned for open use by the general public” … “it exists on the premises of the cloud provider”. While for many users that is the extent of what they think of as “the cloud” NIST also defines a private cloud, that is managed and operated by an organization for their own personal use, and which may exist on or off premises. Providing flexibility in the space between public and private deployments NIST defines a community cloud (essentially an extension of a private cloud to a wider scope of users) and a hybrid cloud which combines separate public and private infrastructures in one service.

Which Cloud, If Any?

An oft overlooked result of an official definition such as that provided by NIST is that if a service fails to meet the essential characteristics outlined, it is not a cloud service. An example would be that if using your users are unable to easily provision a new virtual machine, or you are unable to monitor and report resource usage, your infrastructure is likely not a cloud.[4] This does not mean that non cloud services such as basic virtualization,local data centers,managed hosting and web based applications are not a great fit for many use cases, in fact these services are often exactly what companies want [1] simply less likely to make headlines.

If indeed a set of particular needs are addressed efficiently by the cloud, one must still determine which type of cloud. As outlined by many providers such as RackSpace [5] considerations such as security may steer customers away from the public cloud and toward a private cloud. On the other hand if you find yourself with an existing private infrastructure but are unable to effectively handle usage spikes you may be able to implement a hybrid model by “bursting” as defined by Microsoft [6] where “an organization using a private cloud reaches 100 percent of its resource capacity, the overflow traffic is directed to a public so there’s no interruption of services”. 

Buzz Words

While harping on the standard definitions of terms may seem pedantic, the misuse of these terms can have serious ramifications in the real world. These ramification include legal ones like those faced by Oracle [7] due to their launch of the ‘Oracle Exalogic Elastic Cloud’ which many felt was not a cloud at all but a clear falsity for marketing purposes. 

These transgressions are not only on the part of service providers but also executives who make claims about their companies use of new cloud technologies. When faced with buzzwords such as “block chain” and “cloud” companies and even governments must be careful that they do not invest in unnecessary technology by falling for a providers hype,  or make false promises to consumers by perpetuating it.

The fact that a term is buzz word however, is not always a reason to dismiss it. The implementation of cloud computing as it is defined is truly revolutionary, changing how how consumers interact with products as well as the development of products themselves. On the contrary, to rail against those misusing these terms for their own gain is a way to prevent hindering the progress of pioneers and diluting peoples understanding (and therefore appreciation) of trans-formative technologies that are changing our world.

Concept as illustrated in a Dilbert cartoon – http://dilbert.com/strip/2012-10-21

[1]https://www.forbes.com/sites/jasonbloomberg/2014/07/15/why-implement-cloud-when-cloudwashing-will-suffice/#346eac534169

[2]http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf

[3]https://azure.microsoft.com/en-us/overview/what-is-a-private-cloud/

[4]http://searchservervirtualization.techtarget.com/feature/Virtualization-vs-cloud-Lets-get-this-straight

[5]https://www.rackspace.com/en-us/cloud/cloud-computing/difference

[7]http://www.infoworld.com/article/3079773/cloud-computing/cloud-washing-goes-beyond-the-oracle-lawsuit.html

[8]https://blog.cloud.ca/cloud-washing?utm_campaign=Cloud%20Washing&utm_medium=social&utm_source=linkedin

0

2 comments on “CloudWashing”

  1. I think you have very interesting point that the “cloud” needs to be clearly defined. But I then have this question: should California Department of Technology set a standard for what constitutes acceptable cloud infrastructure, and require government departments to use only those options? Clearly this would be helpful from a security standpoint, but as you said above, a specific kind of cloud is not always the best solution. My hunch says that instead cloud infrastructure should be approved on a case by case basis, but that worries me about the potential bureaucratic slowdowns that could accompany that process. What might be an optimal or near-optimal way then to decide what constitutes acceptable cloud technology for the government of California?

    0
    1. Personally, I don’t think the issue is a lack of an accepted standard so much as it is people intentionally fudging the standard or giving false information so I’m not sure a government standard would do much to solve the issue. Whether or not an option used by the Government is acceptable or not should have nothing to do with the what we call the technology. This is kind of the inverse of the point of the forbes article I referenced, the issue is that people are drawn to using things called cloud technology even when what they want isn’t cloud technology at all. An example from my own life would be a friend in consulting who asked me how to apply the block chain to his clients private file sharing system. They already had the system, it did exactly what they needed, but the company wanted to slap the word “block chain” on it to attract investors. Similarly a number of vendors who label there product as “cloud” when it isn’t which creates confusion and obfuscates what the technology really is (and sometimes, as in the Oracle case, it is basically the same technology with a different name) and the scope of its impact. I agree that adopting technologies is something that has to be done on a case by case basis but I think it should be done solely based on what the technology has to offer, the cost, and what the risks involved are. It might be helpful to do have trial runs of technology isolated to certain low risk areas of the government or private sector before adopting them in a widespread manner (especially for something as large as the Government) but in the end you need to have an informed person(s) who sees through the marketing gimmicks to weigh the pros and cons

      0

Comments are closed.