Question about cloud computing to Vinton Cerf, 26.5.2011, Berlin
Joint event of the Konrad Adenauer Stiftung and the Heinrich Böll Stiftung,
How will security aspects and cloud computing develop in the future - long-term but also mid-term?
“Good question. I would like to suggest to you that cloud computing is in a state now, in 2011, where networking used to be in 1973. So what did we have in 1973? We had proprietary networks: SNA, DECnet. And the proprietary makers of equipment loved this, because if you wanted to have a network of IBM machines you could only buy more IBM machines to put on the net, because they didn't talk to the Digital Equipment machines or the machines of Hewlett Packard.
We have a similar situation with the cloud right now. You could use the cloud at Microsoft, you could use the cloud at Amazon, you could use the cloud at Google, you could use private clouds that IBM makes, but they don't interconnect with each other. In fact, if you look at networks in 1973 before the internet design, there wasn't even any vocabulary for saying “send this to this other network”. Each network thought it was the only network in the world. Most of the clouds think they are the only cloud in the world.
Now Google has made a commitment. It is called “data independence”. And what we mean by that is, if you put information in the Google cloud, you should be able to get it back. Now that sounds good on the surface. But most of the interfaces that we and others offer for cloud use - things like laptops talking to the cloud, pushing information into the cloud, pulling information out. Let's imagine for just a moment that the information that you managed to put into the cloud was accumulated over a period of time, maybe it is in the Petabyte range, 10 to the 15th bytes, and we say to you, well, if you want this information back just download it into your laptop. So, problem number one is you may not have a Petabyte of storage available on your laptop, and second, the data rates that are available might be, if you are lucky, 100 Megabit a second, maybe even a Gigabit a second. A Petabyte even with a Gigabit per second may take a little while to download. So the question is what to do? And the answer is, the best way to achieve the transfer is not to download it back into your laptop but, if you intended to move it to another cloud, you want the two clouds to be able to move the data back and forth between each other.
What is the problem? The problem is, we don't have standards for intercloud interaction yet. Just like we didn't have standards for internet interaction in 1973. This is a non-trivial exercise. Clouds are not functionally the same, the kinds of applications you can run in the clouds are not identical, the way in which the data is described in the clouds is not necessarily the same. And the hardest part, the security part, the ability to do access control on the data that is in the cloud. So as an example, in the case of Google, if you are using the Google Docs system one of the things you can say is “here are the following people whose Gmail addresses I have identified who can get access to this data, anyone else is blocked”. Now, you have to rely on us to have actually implemented that, but your intent is to make sure that parties who should not have access to the data don't get it. So you have expressed an access control policy.
How do I move that access control policy to another cloud? How do I make it understand who the parties are, or which parties have access to the data when it moves? We don't have protocols for that. So it is my view that we should be working on that. There are different standards groups attempting to wrestle with how clouds should interact, but it is vitally important that we get there for two reasons: As users of clouds you don't want to be locked into any party's cloud, we believe that at Google too, and you also want an efficient way of being able to move data or copy data to other clouds. And if you are as ambitious as I am about this, you want to be able to take advantage of functionalities in this cloud and functionalities in that cloud at the same time, allowing computations to take place, data to be exchanged between the clouds without having to go through your laptop which is actually controlling the applications you are running. This is a very big challenge, it is a very big ambition, but in fact unless we do that, we won't have the same capability in the cloud space that we have in the internet space to get things to interact with each other. So we have to solve that problem. And when I am in universities, and I have been twice in the last couple of days, when I make a list of the unsolved problems, intercloud communication and access control is one of them. And I keep hoping there will be a lot of PhD dissertations coming out to solve this problem.”
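The access control problem Cerf describes above (an allow-list of identified people, everyone else blocked, and no agreed way to carry that list to a second cloud) can be made concrete with a small cloud-neutral policy model. The code below is an added illustration, not part of Cerf's remarks or of any Google or standards-group specification; the policy format, the cloud names (`cloud-a`, `cloud-b`) and the identity mapping table are constructed for this example. The security point it shows is that porting a policy means translating principals between identity domains, and that a principal the target cloud cannot identify must stop the transfer rather than be silently dropped (locking out a legitimate user) or silently widened (admitting a stranger).

```python
"""Cloud-neutral allow-list policy and a fail-closed port to another cloud.

Constructed example: identity domains, addresses and the mapping table are
hypothetical and exist only to illustrate the intercloud access control problem.
"""
from __future__ import annotations

import json
from dataclasses import dataclass


class UnmappedPrincipal(Exception):
    """Raised when a listed principal has no identity in the target cloud."""


@dataclass(frozen=True)
class Policy:
    """Allow-list policy: the named principals may access the resource,
    everyone else is denied. Principals are identified by e-mail address,
    which is only meaningful within the stated identity domain."""
    resource: str
    allowed: frozenset[str]
    identity_domain: str

    def is_allowed(self, principal: str) -> bool:
        # Default deny: anyone not explicitly listed is blocked.
        return principal.strip().lower() in self.allowed


def make_policy(resource: str, allowed, identity_domain: str) -> Policy:
    # Normalise addresses once so comparisons are case-insensitive.
    return Policy(resource, frozenset(p.strip().lower() for p in allowed), identity_domain)


def to_json(policy: Policy) -> str:
    """Serialise into a neutral interchange form (a constructed format, not a standard)."""
    return json.dumps({
        "resource": policy.resource,
        "identity_domain": policy.identity_domain,
        "allowed": sorted(policy.allowed),
    }, sort_keys=True)


def from_json(text: str) -> Policy:
    data = json.loads(text)
    return make_policy(data["resource"], data["allowed"], data["identity_domain"])


def port_policy(policy: Policy, identity_map: dict[str, str], target_domain: str) -> Policy:
    """Translate the allow-list into the target cloud's identities.

    Every principal must map. A missing mapping raises instead of producing a
    policy that differs from the user's stated intent in either direction.
    """
    mapped = set()
    missing = []
    for principal in sorted(policy.allowed):
        target = identity_map.get(principal)
        if target is None:
            missing.append(principal)
        else:
            mapped.add(target.strip().lower())
    if missing:
        raise UnmappedPrincipal(
            f"no {target_domain} identity for: {', '.join(missing)}")
    return Policy(policy.resource, frozenset(mapped), target_domain)


# Constructed sample data: a document shared with two people in cloud-a.
SOURCE_POLICY = make_policy("doc-42", ["Alice@example.com", "bob@example.com"], "cloud-a")
# Complete mapping of cloud-a identities to cloud-b identities (hypothetical).
IDENTITY_MAP = {
    "alice@example.com": "alice@cloud-b.example",
    "bob@example.com": "bob@cloud-b.example",
}
# Mapping that lacks Bob: porting with it must fail closed.
INCOMPLETE_MAP = {"alice@example.com": "alice@cloud-b.example"}


def demo() -> tuple[Policy, bool]:
    """Return the ported policy and whether the incomplete map was refused."""
    ported = port_policy(SOURCE_POLICY, IDENTITY_MAP, "cloud-b")
    try:
        port_policy(SOURCE_POLICY, INCOMPLETE_MAP, "cloud-b")
        refused = False
    except UnmappedPrincipal:
        refused = True
    return ported, refused


if __name__ == "__main__":
    ported, refused = demo()
    print(to_json(SOURCE_POLICY))
    print(to_json(ported))
    print("incomplete mapping refused:", refused)
```

The serialised form gives the two clouds a shared vocabulary for the policy itself; the identity map is the part that has no standard today, and `port_policy` treats any gap in it as a hard error so that the policy the target cloud enforces is exactly the one the user expressed.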
MP3 recording of the event; the transcribed passage is 1:06-1:12
Announcement of the event
Article in DIE ZEIT: “Cloud-Dienste sind noch am Anfang” (Cloud services are still in their infancy), Kai Biermann, 1.06.2011
Wikipedia article on Vinton_G._Cerf
Wikipedia article on SNA, Systems_Network_Architecture
Wikipedia article on DECnet
Petabyte (PB), 10^15 bytes = 1,000,000,000,000,000 bytes