But the vision espoused by cloud computing analysts, and vendors, is that compute workloads can be moved anywhere, anytime. Cloud standards and processes are under way to allow this to happen at a technical level, but there is not enough transparency in many cloud services to state where, precisely, workloads are processed. Services like Amazon's Amazon Web Services can restrict workloads to regions but are unable to dynamically transfer loads between sites because of bandwidth limitations. Load sharing between data centers requires specific changes to your virtual machines and systems, which, combined with physical limitations of bandwidth, enforce localized access today.
Conceivably, a repeat of call center off-shoring is a natural event. Once the first- and second-generation clouds are built, the workloads will simply be "outsourced" to the lowest-cost destination. You may not even know that your data has shifted to countries like India or China. There are startups working in the market of "cloud brokering," such as Spot Cloud, that are precursors to dynamic cloud platforms. The dynamic nature of this data movement means significant challenges to the legal frameworks and corporate integrity of business.
The Impact
Society is still coming to terms with the impacts of the security of our personal data as it moves to India and back as part of the off shoring contracts associated with call centers and back-end processing. For example, not long ago, IBM sold development services and then off-shored them to India. Let's assume that IBM sells you a cloud package. How would you even know if they have off-shored your data and software to another country? Does that country have a legal system that mandates the security of your data? What about protection against industrial espionage? Or the internal security bodies of those governments? The precedent has already been set with call centers--off-shoring and exporting services is perfectly acceptable today.
What are we going to do? China has many advantages to take a significant global stake in cloud computing. However, there is also an imperative to maintain control, to identify legal liability and have good security of data. While the IT Industry is addressing the technical challenges, it seems clear that the regulatory, privacy and legal liability issues are not being addressed in enough detail. Companies should take great care to ensure that they evaluate their external computing with these values in mind, not just a focus on the bottom line.
Find more about cloud computing in Research: 2011 State of Cloud by subscribing to Network Computing Pro.
