Thursday Jan 28, 2010

Cloud computing, a beneficiary of open source software

A nature of open source software (OSS) is that, anyone can have a copy of the source code as long as he or she agrees to the license of the OSS. For countries who want to expedite the development of their own information technologies, OSS provides a precious learning opportunity, and is a wonderful start point. Governments of these countries also tend to believe that, comparing to commercial software, OSS is less risky in terms of being controlled by vendors. In other words, the usage of OSS is inspected from a strategic point of view by some governments. It is linked to the security of the national information system infrastructure. Therefore, in some countries, governments encourage the application of OSS. For example, Chinese government has been showing its intention publicly for years. Preference on OSS is commonly witnessed during government procurement.

The good news is, cloud service providers, who are applying open source software
extensively, look like a beneficiary of government's preferential policy to me yet.

OSS are already been used pervasively in cloud computing world. Vendors build their cloud computing data center on top of mainstream OSS, like Linux, Xen, Hadoop, MySQL and so on. Apart from government support, OSS is likely to hold the economic advantage over commercial software. Typically, license models of commercial software are charged by user number or processor / core number. However, cloud computing systems are designed to serve high volume users. Charging by user number is not a good deal in this case. Cloud systems also run software on virtual machines. One physical machine usually runs multiple virtual machines, which means all the virtual processors of each virtual machine may be counted in the commercial license models. Such license models are financially unfavorable in cloud computing realm. In contrast, most open source licenses are cloud computing friendly, and have much less limitations on cloud-based deployment.

Monday Jan 25, 2010

Security, a disadvantage of cloud computing?

Indeed, for those companies who have strong IT expertise and sufficient resources to build their own data center, security may be a disadvantage of public clouds of cloud computing. However, vast majority of organizations are not capable to setup a sophisticated IT infrastructure on their own, because of lacking of either necessary conditions mentioned above. In most cases, organizations focus on functional requirements and are not able to pay adequate attention to security issues when building IT infrastructure. The consequence is many IT systems running without necessary security control procedures, and thus be in a dangerous environment. This is especially true for small and medium size enterprises (SME). For such organizations, cloud computing, even public clouds, actually becomes a more secure option. Cloud computing providers pervasively build network security and system security into the cloud infrastructure. They have well-equipped and professionalized staffs to protect the cloud system from network threats and virus. Security of cloud systems is one of the basic offerings of any mainstream cloud services and normally does not charge extra service fee. Thus, when facing government's requirement on system security, enterprises can effectively increase the security of their information system by leveraging cloud computing if they do not want to spend resources on this task. Here is an example of the security requirement from governments:

November 24, 2009, the state council of China required companies in the network media industry to take the responsibility of maintaining network security of their own information systems. One background of this requirement is, presently, most Chinese media companies are not specialized in network security. Most information systems have potential security problems, and the systems are vulnerable to network attacks. It is obligated for media companies to take action in response to this requirement from the government. In the traditional on-premise computing, the most common reaction is to allocate dedicated resources to take charge of network security. This manner normally implies more investment on computer hardware, software and human resources. Since this is not a one-off investment, so it has to be integrated into the cost structure of the company as a constant operating cost. In addition, network security does not belong to the core competence of a media organization. Hence, such investment may do harm to the profitability of organizations.


Jie Shen


« April 2014