[Can offices of the Indian Government use the cloud infrastructure? A letter of Ministry of IT which is more than two years old advises against use of foreign servers for hosting Indian government websites. This advisory does not take into account the advent of cloud computing platform but effectively prevents use of cloud computing for all government departments. This article discusses the existing misconceptions about using this technology and difficulties face by government organizations.]

What is Cloud computing?

Cloud computing refers to a pool of abstracted, highly scalable, and managed computer infrastructure capable of hosting end-customer applications and billed by consumption. Cloud computing is very different from the normal N tier architecture of creating servers restricted to a single datacenter. It uses the power of multiple servers functioning from multiple geographic locations around the globe simultaneously optimising on resources based on diversified load distribution, as shown in Figure 1.

Figure 1: Cloud Computing

Source: http://en.wikipedia.org/wiki/Cloud_computing

In other words it is the “economies of scale” which cause costs to come down drastically. Multiple servers and locations enhance reliability and availability to almost hundred percent of the time. On the other hand, to create and maintain an exclusive system that is this reliable would cost millions. For instance, it is estimated that worldwide only 15% of the capacity of datacenters is used which means that about 85% of the potential is lying idle. Add to this is the high level of obsolescence, prohibitive cost of support infrastructure, and requirement of highly skilled engineers to run the system. An exclusive datacenter is thus clearly an unviable solution from an economic point of view.

Cloud services are broadly divided into three categories, as shown in Figure 2:

§  Infrastructure as a Service (IaaS): Infrastructure services and platforms that are used to deploy cloud applications

§  Platform as a Service (PaaS): Application services and platforms that enable cloud applications to be built

§  Software as a Service (SaaS): Applications that are made available to customers on demand

Figure 2: Cloud Based Services

In cloud computing it is impossible to specify any one location for the servers. The computing infrastructure of all reputed companies in the cloud computing sphere spans the whole world and is not restricted to just one country. Just the way the Internet is not exclusive to any one nation, so is the Internet cloud. It is the technology of the future, focused on sharing and optimizing resources. According to Nicholas Carr, author of “The Big Switch: Rewiring the World from Edison to Google”, the strategic importance of information technology is diminishing as it becomes standardized and less expensive. He argues that the cloud computing paradigm shift is similar to the displacement of electricity generators by electricity grids early in the 20th century.

How secure is the Cloud?

Security of data has very little to do with the physical location of the data. The recent hacking of servers of the Ministry of External Affairs, Government of India, located in the safest rooms of North Block is a case which proves beyond doubt that physical location of servers does not provide any extra security. The data is stored in electromagnetic form (binary codes) and transmitted as electromagnetic waves. It has no physical form and thus is practically invisible. Hence ascribing physical protection or boundary makes little meaning. For example, electricity cannot be locked up in a room and the same is applicable to electronic data.

Data security is provided through encryption, firewall and procedures. All of these are covered in standards such as the ISO 27000 series, to which reputed Cloud based solutions comply. The better the firewall and encryption techniques, the higher the level of security. High quality firewall and security systems are prohibitively expensive and hence to create such an exclusive system would be eventually unviable. For example, it is not economically viable to have a firewall of Rs 5 million for an application costing Rs 10 million. Yet, it is possible to have the very best security system if one can optimize on economies of scale. Thus it is seen that private datacenters find it difficult to match the state of the art security offered by reputed cloud service providers for data and applications.

Which is critical to security of data - application or hardware?

This crucial question needs to be answered before we tackle the larger issue of security. The software application is very seldom decoded. For instance, Microsoft has not let out its source code to its customers. Every one knows how Microsoft updates its applications. A subroutine built into the software application throws out data which reaches its destination traveling through many routers and informs the Microsoft server that so and so computer belonging to so and so person located at so and so place is running registered software and is in need of such and such updates. The link is established and communication takes place unhindered. Theoretically it is a Trojan but a good one from the Microsoft point of view. In other words a software application opens up thousands of ports for communicating with the servers located in remotest corners of the world.

Can hardware be a bigger security hazard than this? In fact, the hardware can do nothing on its own and is completely controlled by software.  What Microsoft does is also done by others including SAP , Oracle, Norton and all commercially off the shelf applications (COTS). Hence, by this yard stick we will have to ban all COTS solutions too.

What are other countries doing?

We cannot deny the obvious - innovation and change is inevitable for being competitive. Most of the developed countries like USA, Japan and many European governments have adopted cloud computing with little hesitation. They have understood the merit of the new technology and have encouraged their governments to get better value and service. Japan Post is one such government undertaking that uses SaaS on saleforce.com. 

Conclusion

Information Technology is ever changing. In the past people have moved from mainframes to desktops and from local data centers to centralized infrastructure. Similarly, in the software sector companies are using ERP in place of bespoke applications. Moving to cloud computing - an integrated, flexible platform is the next big step. The cloud is more reliable, cheaper and fast to implement as it uses economies of scale. New technologies leap frog in geometrical proportion. Policy makers have to be nimble to reap their benefits. History has shown that countries who have adopted newer technologies faster have always controlled the laggards. Let us make a beginning.