In every 5 years recession teaches us something and technology transformation become inevitable. I am very fortunate that I witnessed Y2K bug rectification boon, Dot Com burst, ERP Menace, now the technology consolidation in Just 12 Years. Started career from centralised computing era; now designing a solutions to go back on centralised computing in distributed way. What does it means? Yes I am day dreamer and article is imagination of mine based on certain hypothesis. As imagination is mother of all inventions.
I am dreaming that law making agencies will help the adoption of cloud computing. Some of my college in security domain might be thinking that what rubbish I am taking about because some of the security world experts are opposing the cloud adoption putting security and compliance as one of the constrains while I am dreaming that governments should facilitate the cloud adoption. But why?
By the end of 2009 most of the organizations realised that they are not able to meet their financial target. All economists were trying to figure out what could be root cause. In last 5 years the technology transformation happened in a way that technology control is gone out of IT Department hands and now business is driving the IT. Means IT become facilitator to provide the solutions to business. Word impossible is replaced with “what’s a cost”. ERP/CRM Menace happened because technology investment was in hand of IT but now the case is reversed. Technology investment is in hand of business. Then what’s wrong? Here is my observation in 2004-2005 the numbers of equipment required to cater the same set of users got doubled means in 2004 if solution is using “n” number of devices now it’s using “2Xn” for 1000 user base. Yes 04-05 we had a lot of constrain.
That’s not only my realisation but lots of people realised that and they also realised that all the investment is required only for specific period of time. Once systems stabilises the infrastructure requirement get reduced. Separate infrastructures are not required for development, build, test and production environments. But once systems are leased or money is invested it’s invested no one are ready to relook at the comprehensive solutions. I witnessed that there are 100’s of servers in data centre are consuming energy for nothing. Reason support people are too busy or having their own apprehensions for decommissioning of those infrastructures. And then the cost cutting measures came, ya bang on target when it’s required most. Now world should realised what is wastage.
Also new buzz word was quite common in business i.e Cloud Computing. In simple term pay per use; means if it’s required pay for it, If not required then don’t. How it’s helping organization? The lazy IT staffs are no more constrain for decommissioning of infrastructures (Commissioning and decommissioning are and process driven). The costs of running infrastructure if it’s not in use are transferred to service providers. Organizations are least bothered why it’s switched on if it’s not in use. And also there are no time constrains to expand the infrastructure when it’s required.
Then why we are so lazy to migrate to cloud? Here comes the million dollar question? Security and compliance are one of the key factors. Which is pushing back organization? We need assurance frame work which will not only facilitate the cloud migration but also ensure that their modes of operation are in compliant to cater all the regulatory requirements. And hence national agencies can provide the service to the customer can be called TaaS (Trust as a service). Some of the enclosed below paragraph will highlight the resolutions of some of the key constrain areas.
Addressing a Compliance Requirement
None of the regulatory act of world’s standard demonstrate business that where they should store and process their data. They only defines that you are responsible for data of yours and should provide all the essential controls to protect data you are responsible for. Security terminology revolves around the CIA triad. So let’s see how each of the triad pillars can be addressed in cloud environment. Some of the solutions enclosed below are part of my imaginations, white papers, Hypotheses and some of them are learning from the students of UTS during my visit. Students imagine more than us as they are not exposed to the real world work issues like corporate politics, business logics and other.
Address Confidentiality with SSEXS i.e. (Strip, Split, Encrypt, Exchange and Store). Solutions can be easily designed which will utilise more than one cloud service providers to store most confidential data with least chances of data leakage by service providers.
Let’s take two examples where data is stored with cloud service providers one where we are taking the storage space only as a service another we are taking the database application as a service.
First case as soon as databases are accessing the storage space SSEXS is applied that means the intermediatory device or solution which is sitting between the database and STaaS will do the SSEXS.
- First it will strip the encapsulation of data (Since with existing technology we are doing the wrapping of data again and again to make them in compliant with latest technology and unnecessarily we are increasing the data offload if you look at all the communication protocol today it uses 20-50 % additional bytes to ensure the original data are intact and reaches to right part in the system these additional bytes could be encryption, address, CRC or anything. Now it’s a time when we should offload all these burdens from actual data set.
- Now Split the original data set into number of pieces which should go to original storage service providers (varies from 2 to N depending upon the criticality and essence of data).
- Encrypt the splited data set with encryption keys.
- Exchange the Encryption keys and Data Set.
- Store keys and data with service providers.
Second case where we are taking the complete database AaaS from service providers. As soon as application server at business logic is trying to access the data set stored in databases stored with service provides the intermediatory device will perform the SSEXS.
- Strip the data set from their encapsulation cocoon.
- Split the dataset which should be stored on the database table of service provides based on some logic. (3 or more)
- Encrypt the data sets with encryption keys.
- Exchange the encryption keys.
- Store the keys and data with service providers.
Addressing Availability with TDRL i.e. (Time Dependent Resource Locators). Since the inception of concept of content delivery based on the requestor location the resource locators and the dynamic delivery of contents is matter of fascination for me. One of the leading content delivery service providers is Akmai. They created their own logic of resource locators and content delivery mechanism. They call it “arl” akmai resource locators. Since the location barrier and constrains are getting obsolete (as now data can travel faster than light) but we can make it more useful for Mother Nature. I started thinking why we can’t optimise it and make it bit more dynamic. Don’t know in future such logic and delivery mechanism can be called as “grl’s” no it’s not a spelling mistake of “girl’s” its green resource locators.
Based on individual system setting the resources and content delivery will be directed to the location from where green resources are allocated to you for computing. Say for example my system setting is set for green computing then as soon as resource request is passed on the service provider they identify the location where the resources are available on renewable source of energy or having less carbon footprint to make that resource available for you.
Going in depth of concept let’s assume service provider A is having data centre in Canada, USA, Finland, Japan, Australia and South Africa. Data sets are replicated across all the data centres. When user A of USA is making a request to access certain resource in daytime of USA the resource locator is redirecting the traffic to either USA DC or Canadian DC (Based on the requestor system setting, carbon footprint calculation and availability of resources). While if User A is trying to access the resource in night time Data centres of US and Canada are working on minimum power since it’s using the energy not generated by sun light so resources are made available from Australia or Japan where day sunlight is available to convert it in to the energy and provide energy for data-centre operations .
Addressing Integrity Don’t you think that if above two is addressed properly integrity can be taken care automatically. That’s with the help of data redundancy check and encryption/decryption keys. Since data set are stored with more than one service providers and on multiple data-centres. Any accidental loss of data can be easily recovered. Say if during the data replication there is discrepancy in the checks and balance of data set the third data-centre will be referred and the data set which is having similarities in more than two data-centre will take priority and will be referred as a final data set which will be replicated across.
Second since all the data sets are stored in encrypted format with crossover exchange of keys means it’s ensuring the non repudiation. Records can be re-punched not manipulated. Say if there is need to update the record “A”, then entire new record “A-1” should be created with new keys and old record will be discarded and redirection of record “A-1” is provided.
What else can be done to make clouds more green and viable solution?
Government can add the monitory benefit and regularise to have greener approach. Some of them which I am able to think it off are as.
1.) Some kind of tax rebate on the data-centre income of service providers if their energy consumption is getting reduced by 10/15/20 % every year.
2.) Subsidise equipment availability for usage and generation of energy by renewable energy sources in data-centres for cloud infrastructure.
Usage of cloud in this way not only makes our environments and earth green but also going to make word much harmonious. People will be world citizens not only a country specific and countries cross dependencies will increase which will enforce them to be tolerant with each other. Non repetitive work for citizens is going to reduced and many more.
You might be thinking in all these process what’s a role of government agencies? Here comes the trust. National agencies should facilitate the development of such an intermediatory devices and solution. Not only that they should also derive the compatibility standard so that development of cross platform solutions should be easier. Create a certification programs for all cloud service providers to qualify them for storage of different classification of data.
WIIFM for Governments
But why the government agencies should do this and why they should facilitate these kinds of activities. Reason is quite simple; for nation and world interest. It has been proven that cloud migration is chopping off the energy consumption varying from 30 to 50 percent annually. Means low carbon foot print. Some countries can come up as Green Cloud Service Provider Countries (Like Finland and Australia both countries are stressing more on reduction of carbon foot print and trying to get more than 15% of their energy from renewal sources also climatic condition of continent help data centres hosting with less air-conditioning requirement). Some countries (Like Switzerland and Singapore) can help organization operating out of their land to have redundant green and safe data storage which can be retrieved easily in case of disaster and meet the global and different countries regulatory requirement with reduction in their carbon foot prints. Countries like India and other African, Latin American countries can build the ties and have safe, cheap and green data storage and processing capabilities for projects like UID for citizens without wastage of too much non renewal energy sources and many more. But at least start dreaming about it.
Your feed-back on imagination of concepts is highly appreciated. In future any time after 5/10/20 years if you come across with this article for your work or research please don’t forget to post your feedback.