I wrote a blog post yesterday about my move to the cloud. It has gotten 234 comments so far and another 49 on Hacker News. That's a lot of discussion about something that is fairly commonplace these days.
It's pretty clear from reading the comments on both places that moving to the cloud is something many have done, many more are doing, and a few are resisting. It's also clear to me that it is the future.
There are two issues that were raised again and again about the cloud, reliability and security. The first, to me, is a non issue for the most part. I believe that services will go down occasionally. We sync our critical data in the cloud to a machine somewhere so that if the service is down we can still operate. And if you look at most service failures, they don't last more than a day or two at most. I think the reliability issue is manageable with approaches we have right now. And I think service reliability will improve. That said, backing up your data in the cloud is a good idea. One company whose name came up a fair bit in the comments is Backupify. Antoher is Spanning Backup.
The security issue is much more complicated. I'm not a security expert and have not invested in security even though it has been one of the best investment sectors over time. But it is pretty clear to me that there is a huge security opportunity with this mass movement to the cloud. Entrepreneurs and investors are focused there already and I'm pretty sure there are going to be some really big companies built in cloud security.
The cloud is one of the four megatrends I wrote about recently. And its a big one with implications all over the technology sector and society at large. I guess that's why we got all the discussion yesterday.
How about a shout-out to Fake Grimlock for best rating yesterday… :)Here’s a minor counter to reliability: you seem to be speaking as a consumer. From a startup perspective, the EC2 outage that took down Heroku (some of its databases are on EC2 in VA) and a lot of its customers was incredibly painful and took more than a few days to resolve. What could possibly go wrong? Amazon’s platform has transformed the startup landscape–love it, happy, etc–but there’s that one missing piece: non-dependent redundancy to Amazon or its dependents.For us, it was a good lesson early on. Heroku will remain our main provider. But we need to be able to switch over to a non-Amazon-dependent service if and when there’s an outage. The company that makes that easy will do very well.As for security, there’s a tiny company–basically a young guy with skillz in Idaho–attempting a cloud security solution for consumers http://www.completelyprivat…. (I haven’t used it much, but maybe the community here can give it a try)
+1 to FAKE GRIMLOCK. HIM MADE US SCARED ABOUT SECURITY.
He did not make me scared. @Fakegrimlock:disqus just echoed my existing thoughts in a more commanding ‘DINO’ tone is all. 🙂
ME, GRIMLOCK, LAUGH AT PEOPLE THAT THINK REALISTIC PERSPECTIVE = FEAR MONGERING.CLOUD IS FUTURE. CURRENT CLOUD HAVE SERIOUS ISSUES. USE CLOUD SMART, EVERYTHING OKAY.ASSUME EVERYTHING PERFECT, USE CLOUD DUMB, THEN YOU PAY PRICE.
You sound like you should be giving lectures about alcohol use
ME, GRIMLOCK, APPRECIATE SHOUT OUT. BE ROBOT DINOSAUR IN HUMAN WORLD HARD, THANKLESS WORK. EXCEPT FOR TIMES ME GET THANKED. THEN IT JUST HARD.'< (DINO SMILE EMOTICON)
yes, i am speaking as a user not a developerand yes, fake grimlock was awesome yesterday
I commented on the security/privacy issue yesterday, but a big part of it is perception driven. The less-informed will see things in black and white and will always see security as an issue.Reality is that there are so many grades and shades of security and privacy levels that can be configured and built-in. It always boils down to costs and trade-offs.Ask SF.com how they run their entire business on a cloud infrastructure that was deemed good enough for the Fortune 1000’s who are using it to share critical sales and client data. I don’t remember hearing of incidents involving that cloud.The Amazon incident was unfortunate, and it was a good learning experience, but still- dollar for dollar, the cloud is delivering. And you’ve got to talk SaaS when you talk Cloud. They go totally hand in hand together.
From my (adimittedly limited) knowledge of cloud computing this makes sense. Didn’t Amazon’s incident not affect those who had paid for more expensive packages (stored in more than one data server, etc)? The only concern I’d have is that the Amazon incident seems to indicate that people, including many companies, are not accurately accounting for the probability of such black outs. So they rarely invest in anything other than the cheapest cloud option because they don’t quite realize the true chances of it failing.
There are some EC2 services at Amazon that have no availability or failover options. As a consequence, there are software stacks important to some types of businesses that have limited redundancy in EC2 currently. If EC2 goes down, the software may go down.Amazon EC2 services a relatively narrow use case. If your application falls outside of that use case then it becomes much more difficult to operate a cost effective and reliable service using EC2.
why is that failover option missing?
Because Amazon only offers it at single site. As for why Amazon only offers it at a single site, it is likely because they did not intend it for a use case that required high availability or the cost of providing it is not worth the investment.There are a number of common server use cases that are not well-served by EC2. For example, anything that requires non-trivial instance-to-instance communication. You can sometimes fake it inefficiently using what they offer but there are fewer guarantees once you step outside the intended use cases of their services.We do prototyping and testing on EC2 but it is not well-suited for a quasi-production version of our software. Like of availability features for some EC2 instances is part of that.
That’s more a problem of using a legacy single-server software stack than it is EC2. When considering failover, you can handle it either below the stack or as part of the stack. If you want the former, then you need to use OnApp, AppLogic or any of the other cloud solutions out there that use a SAN or distributed block IO alongside a automated restart of instances. They have their own set of drawbacks but they do make single-service instances in the cloud rather easy to setup.EC2 is of the type that requires you to implement reliability as part of your stack. If your app is widely distributed and scalable, this is actually easier as it doesn’t maskfailures and allows you to actually define the behaviour at the architecture level.
Our software is not a “legacy single-server software stack”. It is a very advanced massively parallel analytical database that was designed from the ground up to operate without a single point of failure. Some useful EC2 instances for this type of application exist only in a single availability zone in a single data center. No redundancy.The problem is more that EC2 is designed for a legacy “single-server in a VM” use case. We run single, pervasively distributed images of real-time analytical databases across a large number of servers. Not Hadoop or anything conventional but real-time geospatial polygon indexing, event detection, and graph analysis. EC2’s big weaknesses are that the network topology is highly suboptimal and the storage options are mediocre as well. I’m sure this will improve with time but it most assuredly is not there now.In principle EC2 would probably scale up well enough for some limited use cases for our technology but it would be far from efficient. EC2 was not designed for databases, exotic distributed real-time or otherwise.
I see many existing security vendors still thinking in terms of enterprise network “boxes”: firewalls, IPS, etc. they have not made the next step in thinking (at least not in public, maybe yes in the lab). Cloud just means a bigger enterprise network to protectThe “consumer” or “employee” cloud boom “everything away from my desk” might give rise to a completely new type of security company. Maybe this time, biometrics will actually go mainstream with so much at stake.
Biometrics is an interesting idea. But what happens if your biometric data gets stolen? I’d be worried that there would be no way to “reset” my access, because I can’t i any way change my biometric information. While current methods are less secure, when they get compromised there is less at stake. I’m no expert, so definitely correct me if I’m wrong, but that would be my concern.
Fair point. But there must be something better than id + pw
The two type system Google (and others) have of password and mobile device authentication is definitely a step up. By no means ideal, and a big hassle. But much more secure than id + pw. But I definitely agree, a new system needs to created.
CHIP UNDER SKIN, LIKE FOR DOG?DNA TEST, LIKE IN GATICA MOVIE?KARAOKE CONTEST? ME, GRIMLOCK, SUSPECT RENDITION OF BON JOVI’S “WANTED DEAD OR ALIVE” UNIQUE TO EACH HUMAN, TOO EMBARRASSING FOR ANYONE TO FAKE.
First, saw the commercials for the Playbook Tab from Blackberry… good promotion. Second, the cloud is a megatrend as you’ve already written of. I think the development of security products will match up with increased cloud usage. The cloud will truly enable evolution this decade, touching everyone’s niche. To me, though, it is a matter of marketing for cloud services being a little ‘off’ insofar as gaining wider usage. I know it follows the repeated timeline, starting with businesses, but I’m glad investment money is gaining in the cloud market so the marketing message for cloud services becomes ‘in’.
Let me share where we’ve seen huge issues with cloudreliability and what I hope VCs invest in to solve our problems. We’ve had hugeissues with outside cloud services failing on us. Examples: Google Analytics,Amazon S3 videos, numerous third party remarketing cookies and tracking pixelsgetting hung up and failures of other outside SAAS services. Actually, theydon’t typically “fail.” They have intermittent performance”hiccups” that sap our conversion rates.All outside HTTP requests on a web service are asking for trouble. If I maketwo outside HTTP requests to outside parties and they have a 99.8% uptime, thenI have roughly a 0.4% chance of issues. If I make 10 HTTP requests to thingslike SAAS applications and conversion pixels, then my chance of hiccups goes upfive fold. Maybe it’s only impacting a small percentage of my users, but it isa hidden conversion drain. As the cloud growsand so does the interworkings between various members of the cloud, the chanceof one of these parties going down also grows. The cloud makes sense on paper,but you are increasing your “points of failure.”I hope VCs invest in a service that helps measure the performance of thirdparty HTTP requests. We’ve been trying to buy one and haven’t found one. It’sso bad we’ve thought about building one and we are not a software company.Bigger picture, the issue of web complexity isincreasing and we need more robust web analytics tools. Google Analytics is notthe answer and it baffles me why so many people choose to make outside HTTPrequests for the mission critical data about their business. Instead of leaningon ten outside SAAS applications, people should internalize these applicationsand have a flexibility hosting infrastructure (probably based on the cloud)that allows them to grow their business.
It’s because I believe Google Analytics (as an example) can do analytics better, cheaper and more reliability than we can do in house.And downtime really isn’t that much of an issue. So long as you’re building your applications to handle downtime. If Google, or Chartbeat drop off the face of the world for an hour, sure I loose those services, but my webpage still works just fine. You mentioned S3, yeah that’s a problem, it’s why Amazon offer CloudFront. And we really couldn’t build a CDN in-house for anywhere near that cost.
I could not agree more…have been trying to find the right way to invest in this. There are two main security issues – virtual (commercial banks have gotten pretty good at this) and physical (need to make sure no one can break into the cloud data storage centers and mess everything up).What I cannot decide is whether it makes more sense for an existing virtual security company (e.g. Norton) to expand their physical services or for a physical security provider to absorb a network security firm. OR for each company to develop/purchase their own individualized security systems, though I think this is something you would want to outsource.My hunch is the first option. What do you guys think?
We moved from dedicated servers into Rackspace’s cloud last year.I assume at some point that we’ll have an AWS-type service interruption (has not happened yet).But I’m happy to trade service interruptions in place of harddrive failures.
I continue to believe that hybrid solutions are the way to go, neither only desktop nor only cloud.Also, I don’t like to lose control if my Internet connection go down or if it’s not available in some place.On the security side, it’s truth that a business opportunity exists, but security is not just about technical solutions, if you are spied in some way they can read your information even if the cloud is “completely secure”.Finally, there is a missing point in the discussion: Usage of your private information as input to algorithms. Your information is not disclosure but the data is being used to build other services. A trivial example is Google Ads on Gmail.What happen if they are used to predict like https://www.recordedfuture…. does?
I still need to have my software match my customers, they demand my work computer use their encryption software, and that all files be store on my laptop or their servers so general cloud services are out for me. That said, IF I traveled a lot and my coworkers could use the same services, I’d jump on it like a kangaroo. I agree that the backup and security issues are either manageable or will be addressed in the very near future.
Is off-line working the the Chrome Gmail app now? Go into the Chrome store, there is an app for Gmail. The idea is that is caches the most recent 10MB or so of mail locally and then holds your responses until the network becomes available. I believe they are working on similar apps for Google docs too.When these apps are complete you should be able to continue using Gmail and Google docs off-line and when the network comes back everything will sync up.
I agree that security and backup solutions to cloud services present a great opportunity for developers. A number of the services I’ve been using offer data backups that can be downloaded in xml format. This makes sense, particularly when you have relatively complex data sets such as CRM/project management backups. However, not being a techie (like most users) means it is hard for me to make sense of that data and import it into another service.I would have thought there was a good opportunity for a conversion/translation app. that would reformat the data into a format that other apps can recognise. Maybe it already exists?
Martin, We are working on it: http://cloudHQ.net As of now, we have Dropbox + GoogleDoc ( http://cloudHQ.net/dropbox ) and Sugarsync + GoogleDocs ( http://cloudHQ.net/sugarsync ) integration in private beta. We strongly believe that integration of multiple SaaS solutions (search, synchronization, access management, provisioning, etc.) is the future.
I think this is very powerful. While cloud apps such as Google docs are convenient for certain solutions – there is often a need to use desktop applications. We’re very excited by this SugarSync + GoogleDocs integration and so are our customers!
thanks, Senad. Have signed up for a beta invite.
Most security breaches that I’ve heard about have been caused by people not following procedures properly rather than inherent systemic weaknesses.
PUT UNENCRYPTED DATA IN OTHER PERSON’S SERVER IS PRETTY SERIOUS SYSTEMIC WEAKNESS.
But nothing compared to securing your wifi but leaving your wifi admin account username:Linksys PWD:admin.
how do you connect onto linksys router if the wifi is encrypted?
HUMAN NATURE BIGGEST SECURITY HOLE OF ALL.
I love cloud-based solutions. They make my life better every day. But I’m neither that concerned about the cloud going down (I have Backupify) or security (I tend to fall into the same camp you do, Fred).What really pushes me away from total cloud reliance today is a lack of reliable broadband.Some day, the rest of us will have broadband at the level of quality and reliability that those of you in big cities have. But I wrestle with bad connections constantly.Our main home connection is a Verizon 3G MiFi device. No cable or DSL here. We pay $10 for each 1GB we use above 10GB, which often means we pay $100/mo for 12GB of usage.When I travel, I carry a Verizon 4G hotspot device. Some trips it works beautifully. Others (like my last trip to Chicago), I can barely get a signal.In the last two hotels I’ve stayed in, both had completely unusable wi-fi network. The first one, I could get good signal on my hotspot. The second, I couldn’t, but the wired ethernet fortunately worked.All this to say that I never missed a beat because of these problems, because I structure all of my cloud activity to sync and still be 90% productive when I go offline – which I have to do way more often than I wish I did.The cloud will get even more powerful when 4G-level networks blanket the globe and all of our buildings – when it really envelops us in signal.I can’t wait.
YOU SMART GUY.ME, GRIMLOCK, TRAVEL LOTS, DO SAME. SIP AND SYNC RIGHT PATTERN UNTIL 100% BROADBAND AVAILABLE.MAYBE IT COME AS STANDARD FEATURE IN FLYING CARS AND JETPACKS.
The last mile is a huge issue. it is is expensive, and it may not be worth the cost to place that last mile in the middle of nowhere.Should we treat broadband the way we treated phone service, running water, and electricity?
WANT ALL HUMANS LIVE IN FUTURE TOGETHER? THEN BROADBAND A UTILITY.WANT LEAVE SOME HUMANS IN PAST BECAUSE THEM POOR OR LIVE IN WRONG PLACE? THEN LEAVE BROADBAND AS PRIVATE LUXURY.
Or could the next generation of wireless technology, open spectrum and a bunch of competition solve this?I don’t know but I hope so…
i saw your comment about that yesterday aaroni totally understand that issuebut i wonder if it is an issue for the majority of people who live in thedeveloped world
Definitely agree it isn’t the majority.But my guess is it affects 70% of people 10% of the time, and 25% of people 70% of the time.I’m in the latter group but it doesn’t lessen my desire to see the cloud win.
All Dropbox like services should prompt you with encryption for your data, with the key being owned by you. For example, when you upload something to the cloud you should always see these 2 options “Upload” and under it “Encrypt & Upload”. Dropbox themselves have proved that companies likes these can’t be 100% trustworthy, especially when it comes to the Government wanting to take a peek at your data (or more recently RIAA). If they all prompt their users like that, I believe 30%-50% of the uploads to the cloud would become encrypted.
We at cloudHQ (http://cloudHQ.net) believe that that synchronization of documents between multiple SaaS solutions is crucial for many companies and professionals moving to cloud. The point is that your data should not fragmented and “locked out” behind different SaaS solutions. I.e., why should I use Basecamp to edit (upload/download) some document attachment when it is already in Google Docs. For example, with cloudHQ you can edit document in Dropbox using Google Docs interface (see our Chrome extensions: https://chrome.google.com/w…
To my mind, the most critical point you made here is, “I believe that services will go down occasionally.” This is true for *all* services. If you run on your office network with an in-house server, it (and the ISP and the VPN, etc.) *will* go down occasionally The question for the move to any alternative services is never, “will it go down” or “will it be insecure”. The question is, “what will its profile be compared to our alternative (i.e. what we have right now).”
Fred,The cloud is just — other people’s servers. It’s not a magic space.Whatcha gonna do when they fail?Hope you have back-ups down on earth.
Hmm. That’s an inaccurate over-simplification. The Cloud can be managed to be magical. It’s not just a bunch of servers somewhere. There’s software that manages all that, AND when you make your App understand it’s cloud-based, the magic can happen. It’s not just about backups,- it’s also about redundancy and smart ways to switch in and out of various instances depending on performance & other factors.
it sure feels magical to me
Hey, I will look for you at TechCrunch Disrupt.Can you believe I won a free ticket?!
that’s fantastici can rely on you to ask the hard questiontoo many people are just suck ups
But the cloud IS pretty damn magical.The term “paradigm shift” is so overused and misused it has no meaning anymore. But the shift from being local-storage-centric to cloud-centric IS a profound change, especially as a user.It has taken years for the bandwidth, standards, and apps to be robust enough but it is clear to anyone and everyone who has taken the leap that this is far superior in just about every way.As for those fragile irreplaceable bits of content… the cloud lets you put duplicates of those key assets in SEVERAL places.
Megatrend within megatrend.
Clearly mostly remote ‘cloud’ computing can work for some users, but I have to conclude that for most users doing the most ‘intense’ work it can’t work yet. E.g., for me, for my most important work, I have about a dozen windows open at once, and a key part of the work is what I type in. So, I want the biggest screen and keyboard I can get. I am sad I can no longer get the old Anykey keyboard with a second copy of the function keys on the left.In history, ‘remote’ computing on mainframes was heavily replaced by supermini computers in departments, and then those computers were replaced by PCs. The main reason was the clumsiness of the remote systems and their large support groups. So, history gives remote ‘cloud’ computing a long, steep hill to climb.This hill was so long and steep that PCs won even though they made users their own system programmers, managers, and administrators worrying about hardware details and configurations, software installation, configuration, and updates, system security, system capacity, backup and recovery, and problem detection, diagnosis, and correction. It was a long, steep hill for remote computing and promises to still be.Yes, desktop computing has some serious problems that need fixing. Maybe remote cloud computing will grab enough desktop users to make the desktop part of the industry improve their products in some of the many obvious ways large improvements are very much needed.
I find it interesting that you sync your critical data to a local machine. I think this is an example of a great use of a hybrid cloud + desktop solution like SugarSync. With this you get the best of both worlds – the access, availability and backup of cloud with the offline availability plus powerful capabilities of desktop apps.
What about the legal issues? Who is liable when my clients info is lost or inaccesable by a third party in another country with different laws? Is it my fault? Cloud services almost never accept liability in those cases. The problem for me is I live on an island and almost all cloud services are somewhere else.
Saw the new Google cloud laptop this week. Thing is smoking fast. Will be great in cities that have tons of wifi available. also great when paired with 3G mifi type installations. As light as a Macbook Air and bigger display. Only problem is you have be comfortable about being connected and being on a cloud. Wonder what the price point will be? Will it include cloud subscription? 3g/4g access? seems like those cost will be recurring as they allow the vendor opportunity for long term membership revenue as opposed to single expensive transactions.
I’ve moved most of my life to the cloud, but the one thing that remains are personal photos/videos. These are irreplaceable family memories, and I feel overly paranoid in preserving them. They are currently stored on a local NAS, which is backed up to an external drive, and then also stored on Amazon S3. I also upload them to Picasa for sharing. The more valuable and irreplaceable the item, the less comfortable I am depending on a single storage source.
interesting pointi have a huge number of person videos and photos we all took in the earlydays of digital on a server in our basementbut since i moved to taking all my photos and videos on my mobile (three orfour years now), all my images and videos are in the cloud because that’sthe easiest way to get them off the phone
I currently manage all our home devices, so I make sure that the photos from the SD card back up to the NAS, and that my wife’s iPhone photos make it there as well. This is a semi-manual process, but I make sure to do it once a month (around the time I do bills). I can see how this can get difficult to manage, especially as the number of devices and household members grows. The ease of the cloud in this case is very compelling. Maybe the key is to back up to multiple cloud destinations so I’m not dependent on any one.
Actually, getting the photos and videos off the phone is still an issue for most users and to provide adequate security for that data it needs to happen regularly and automatically.SugarSync is the first solution in our category to do this – that feature is shipping now on Android. Would love feedback from this community!https://www.sugarsync.com/b…
If they all prompt their users like that, I believe 30%-50% of the uploads to the cloud would become encrypted. Kamagra
I am going to make an analogy of Banks and Cloud providers. We have all had experiences with a Financial Institution…good and bad. I used to work for a Community Bank and often wondered why customers would pay a mor for our services. It came to this, “Service” and the fact that they could walk in the branch and have someone know who they were. Of course some customers did not need that and they were happy to be at a big bank. So, there was a market for both and it seemed like some of our customers were loyal because they had been burnt by a big bank. It is the same in the Cloud provider market there are huge providers who will never know or care who you are. They will rubber stamp your needs and if this works for your you or your company than you might save a few bucks. However, if you are looking for a small provider that cares if your technology works and is working then a smaller provider might be right for you. When you are down it is more than nice to hear “Hi Frank, yes we know there is a problem and we expect you to be back up in…” If you are looking for a small provider who cares please talk me about [email protected]
My biggest obstacle to totally making the transition to The Cloud is – still, even in the UK – the lack of high-speed WiFi/Broadband and when it is available, the lack of reliable bandwidth – eg, in Cities it (WiFi via 3G) becomes more or less unusable because of demographics/demands and at weekends it again often becomes unusable because of the number of leisure users online.And don’t even start me on UK semi-rural problems. I am just 30mins from Leeds/Sheffield and 45mins from Manchester yet my best home Broadband service available is at a speed of ~1MB… and it’s rarely that ‘fast’.Until connectivity becomes ubiquitous (in terms of speed, bandwidth and quality) I remain wary.
This conversation has inspired me. Any suggestions on companies that can facilitate creating datawarehouses on the cloud?
Issue no. 3: lacking of communication channels between different service provider. The “cloud” – Joukuu Blog http://t.co/mj2RWtF
Some day, the remainder of us will have broadband at the level of quality & reliability that those of you in huge cities have. But I wrestle with bad connections constantly.ISO 9001
I have to disagree with most of the comments here about security and privacy. Especially ones reflecting this attitude:”Ask SF.com how they run their entire business on a cloud infrastructure that was deemed good enough for the Fortune 1000’s who are using it to share critical sales and client data. I don’t remember hearing of incidents involving that cloud.”I’ve worked in the Fortune 500 infosec space for 15 years and the truth is that the security stamp of approval placed in the sales and marketing materials is about as good as compliance requirements used to get it. Requirements like FISMA, PCI, and others are what we use to deem the service is “good enough” for critical and confidential data handling, but those of us working in this space know they’re hardly what matters. And the fact is, it’s not the security incidents you hear about that should worry you, it’s the ones you don’t hear about.
Folks, ya know, it does not take a big broadband connection for Google Docs to feel productive.Fred, I am right there with you. Been mostly cloud (other than presos and occasional graphic design) for over 3 years.BUT– the surprisingly large hole in this otherwise magical-feeling scheme is mobile access to google docs. Does it annoy you as much as me that we do not have a decent way to edit Google Docs from our phones and tablets?With modern mobile browsers (eg iPhone and Android) and powerful tablets (eg iPad and Galaxy Tab), I am astonished that Google or others have not risen to that opportunity.