reading 07

Published on by sarahdevitt

From the readings and in your experience, what ethical concerns (if any) do you have with Cloud Computing? What exactly is Cloud Computing? Considering the Internet meme that “There is no cloud. It’s just someone else’s computer”:

  • As developer, what are the advantages and disadvantages of the Cloud? Describe any experiences you’ve had in using the Cloud as a development platform, what led you to use it, and if you plan on using it in the future.
  • As a consumer, what are the advantages and disadvantages of the Cloud? Describe what sort of Cloud services you use on a regular basis. What trade-off are you making in utilizing these platforms?

The other weekend I went to an IEEE conference where we had some people from Workiva, a company that creates a cloud-based compliance and risk platform used by many major companies for SEC compliance. What they talked about was cloud-computing and the security behind it and what it means for us as engineers and as consumers. The focus was using the cloud as a computing utility, and how it can work to our advantage.

They spoke about how the cloud is actually a very useful thing—you can store large amounts of data, that would require multiple servers and data rooms offsite. And you can access it any time and you can harness the extra power to run operations at a faster and higher speed—such as compressing human genomes, or having thousands of people play Worlds of Warcraft at the same time.

For example, the company I worked for last summer, an engineering construction consulting firm, stores all of their data offline. They have thousands of different blue prints and designs stored at a separate location because in this instance, they didn’t need to always have the information ready at a moments notice, and so it was cheaper to store it offsite than to try and accommodate the storage and power consumption required to handle such massive amounts of data in a small Chicago office space. They did have several servers at the office, which many companies actually use, called a hybrid cloud, in order to run AutoCAD and Revit, two different modeling systems that required a lot in order to run. So therefore, it was beneficial to be able to use those servers purely for running AutoCAD and Revit, rather than storing data. Ironically enough, this company actually designs the data centers used by cloud computing companies. These data centers are heavily temperature controlled and designed purely to be as efficient as possible—in terms of power, physical space, and storage space.

But back to Workiva. Something the presenters said really stood out to me: “Companies pay us money to protect their information.” They did talk about security breaches they’ve seen—Mongo HQ, but also with Snapchat. A simple break in Snapchat’s security algorithm meant that millions of users private phone numbers became public.

Obviously by giving data to another company, you are relinquishing some control of that information, but it is also the goal of the cloud-computing company to ptrotect that data as much as possible.In terms of security with cloud computing, the company that stores your data is being paid to protect it. And they’re being paid to prevent it from being broken into by hackers, and they’re also being paid to protect it from government investigation as much as possible too. I looked at AWS’s Privacy Policy to see what their thoughts were on all of this. And this is what I found:

AWS will not disclose, move, access or use customer content except as provided in the customer’s agreement with AWS.

They also adhere to the Safe Harbor program designed by the U.S. Department of Commerce. Ultimately the program says this:

  • Notice – Individuals must be informed that their data is being collected and about how it will be used.They must provide information about how individuals can contact the organization with any inquiries or complaints.
  • Choice – Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.
  • Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
  • Security – Reasonable efforts must be made to prevent loss of collected information.
  • Data Integrity – Data must be relevant and reliable for the purpose it was collected for.
  • Access – Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
  • Enforcement – There must be effective means of enforcing these rules.

I agree with what a lot of these authors said about cloud computing—that the benefits of using the cloud outweigh the security benefits. The Department of Defense claims to have its own cloud computing system. But actually, it’s just their own private servers, which isn’t actually a cloud based system at all, just some extra servers at all. This I think brings the entire idea of ethical cloud-computing into perspective for me. For the cloud to be as secure as possible for each company, they would have to have their own personal cloud but that defeats the whole purpose because that just means they’d have more of their own servers, which is what they’re trying to move away from in the first place. In the same way that you won’t lay your own pipe, power lines, or telephone wires, neither would you have your own servers—it’s makes more sense to outsource it.

Leave a comment