What do Gmail, YouTube, Twitter, and Facebook have in common?
Courtesy: IBM

They are all examples of cloud computing. And they work well, as Google, owner of Gmail, YouTube, Blogger, and a variety of cloud computing technologies, understands far better than many others in the information technology business.

This article was written in Google Docs, a cloud application, in order to demonstrate the seamlessness of the technology as it applies to web technology and conventional desktop applications.

Google’s Gargantuan Cloud Bank

The most successful information technology firm since Microsoft, Google is a dedicated evangelist of cloud computing, defined as moving data and applications from company-owned enterprise computer servers to the shared resources of the Internet. Google believes that the cloud is the next great thing in information technology. The company may be right, and plenty of folks are betting that Google is on the money.

If Google and other advocates of cloud computing are correct, computing, including enterprise computing, becomes a shared utility, much like electricity. Google becomes the Edison of computing.

IBM, the venerable graybeard of computing, is also ponying up big investments in cloud computing. The company has launched a series of television advertisements at U.S. sporting events touting the cloud, in its many definitions. See this  video of IBM’s take on cloud computing.

Google offers a range of cloud computing applications, from Gmail to word processing (Google Docs), to spreadsheets, to presentations, to mapping (all direct and effective challenges to Microsoft’s desktop paradigm), to an excellent online calendar, to a plethora of services once on your desktop computer and now up in the cloud. Its latest launch is Buzz, a Facebook-like social network application that has taken heat for, initially, automatically connecting Gmail users, their contacts, Picasa photo albums, and more to Buzz. Google’s goal is to own the cloud and maximize the resources and services that supplant company-specific, desktop enterprise computing.

We reviewed the fundamentals of cloud computing in MANAGING POWER’s January-February issue. That article addressed why cloud computing isn’t just a reincarnation of computer time-sharing of the 1970s but a new approach to wide-area networks. It’s a wide, wide, wide, wide world.

The business promises of cloud computing are clear: lower cost, higher performance, simpler interfaces, and costs scaled to use. That translates into less money locked into the ever-increasing company IT budget, and more financial and operational flexibility.

Cloud Power for the Power Industry

For the power business, cloud computing offers big benefits in areas where utilities have huge customer databases, often shared by other utilities. Also, companies with multiple generating units, or large single units, have needs for enormous parts catalogs and inventories, repair manuals and practices, and maintenance routines that can benefit from a cloud approach that doesn’t tie up company capital in server islands and proprietary databases. That can reap cost benefits from sharing across the company and the industry.

Combo utilities—including those that provide electricity, natural gas, and telecommunications (and, with some munis, water)—may find cloud computing approaches to customer information worthwhile. Instead of company-specific or service-specific databases, it may be possible to share data across detailed customer information packages in multiple databases. Regional and multiple-service utilities may find cloud computing a lower-cost approach to reaching broad customer markets.

In this article, we look more closely at the security issue, one of the fuzziest areas of the cloudy world of globally shared computing resources, aka the cloud. Security is potentially a weak spot in the cloudy firmament, but one well identified by the practitioners.

Cloudy Security

The security questions are clear. Enterprise data in a cloud computing environment rests in cyberspace—in the World Wide Web—not in a secure server somewhere on Earth, under possibly (or delusionally) compete control of the business enterprise that uses it. In the conventional server model, data are accessible only to the owners of the hardware and others to whom they choose to provide access. That’s it, except of course, to the clever hackers who can defeat the enterprises’ firewalls, malware detectors, anti-virus software, and other, not always effective security software suites.

The recent dustup between China and Google demonstrates the problems with the effectiveness of company enterprise security systems. If China can hack multiple proprietary systems, including Google, is any data safe?

In the cloud, data are out there circulating in cyberspace (on unknown and unknowable servers). Presumably, those erstwhile enterprise hackers are circling the data cloud like cyber wolves concentrating a herd of fat data caribou, looking to attack the weak points for a tasty meal. Yum-oh, to quote a favorite food network host.

How can a firm ensure that the only folks who can read and manipulate the floating data are those with approved access? Is this an insurmountable obstacle? When the data floats in the cloud, who knows who owns it and can access it? That’s the cloud security conundrum.

Is security a cloud show-stopper? Probably not, since the U.S. government and its military agencies are early adopters of cloud computing strategies and have begun to address the security issues in a big way. Among others, IBM is directly addressing the security issue, calling it “The Grand Challenge.” The industry has developed an approach—a “hybrid environment”—that uses the cloud, but with security tools such as identity controls and encryption. “A hybrid cloud environment allows users whether they be employees in your organization, whether they’re warfighters, to have some confidence in the physical security controls and processes,” said Chris Kemp, the chief information officer at NASA’s Ames Research Center, in a recent report.

A year-old information industry group, the Cloud Security Alliance,last December issued its second guidance policy report on cloud cybersecurity, “Guidance for Critical Areas of Focus in Cloud Computing.” The white paper outlines crucial areas of security concerns and advises both customers and providers on 13 key issues of security. These range from areas such as disaster recovery to managing identities to network governance.

At the same time, Sun Microsystems, a leader in open-source software, rolled out several cloud computing security tools. Sun also published a new white paper, “Building Customer Trust in Cloud Computing with Transparent Security.” The paper provides an overview of cloud computing security and the ways in which intelligent disclosure of security design, practices and procedures can improve customer confidence while protecting critical security features and data.

“Sun’s technologies, best practices and work with leading industry organizations like the Cloud Security Alliance help provide our customers and partners with a framework for securing data in cloud environments,” said Lew Tucker, Sun’s chief technology officer for cloud computing.

Up in the Air About Clouds?

Is the cloud here to stay? Bob Evans, Information Week columnist, recently opined, “Cloud computing takes the top spot for focus and achievement in 2010 because in spite of all the questions and concerns still floating around it, the cloud offers CIOs [chief information officers] huge potential. … I’ve seen a dramatic surge in not only CIO interest in the cloud’s capabilities and potential deployments, but also in IT-vendor emphasis on providing cloud-based solutions that are real, tangible, practical, and trustworthy. This is the big leap that successful CIOs must make in the coming year because no other architectural or platform approach will yield as much gain in lowering the cost of internal IT operations and liberating precious IT budget dollars to be deployed toward customer-centric growth opportunities. If by mid-year you have not developed and begun to execute upon an ambitious and enterprise-wide cloud strategy, then by year-end the odds are good you’ll no longer be a CIO.”

—Kennedy Maize is executive editor of MANAGING POWER magazine.