This week, I got my invite for Google App Engine in the mailbox. If you have not heard of it, Google App Engine is a beta product from Google where you can publish your web apps to Google’s massive infrastructure. Currently only Python is supported as a language but Google intends to add other languages in the future.
It seems (I will try when I have more time) really easy to publish your app to their cloud. As an extra advantage, you can use Google’s API for Authentication so you can for example authenticate your users based on their Google Account. For the moment, it is free although some quotas are enforced but I suspect that after the beta period ends, it will be a paying service.
Google is not the first to offer these kind of services. Amazon currently already has a stable cloud platform. They even go further by offering a real computing platform instead of ‘just’ the web application framework.
The advantages of Cloud Computing for businesses are obvious. You get instant scalability and high availability for your application and you pay only for how much you use it without investing heavily in your own hosting infrastructure.
However, security is more than availability alone. There are obvious concerns about the confidentiality and integrity of your data while it lives in the cloud. Is your data private in the cloud? Could it become corrupt? The answers are that you don’t know and that you trust the cloud provider.
Potential vulnerabilities should also be a concern. Google has disabled most of the ‘unsafe’ functions in Python but there are bound to be bugs (and security vulnerabilities) in the applications that developers push to the cloud. Will these affect other applications? Again, you trust the provider.
Or what about abuse of the cloud as such. I noticed Google offers a mail API to send out e-mail. Google is quite a trusty sender of mail so this would be ideal for spammers to abuse. Imagine littering the cloud with web apps which can send e-mail and writing a front-end spam app which sends round-robin spam to all these apps, who deliver mail through the trusted Google smtp engine.
Will these and other security concerns stop the trend to Cloud Computing? I don’t think so. As with all new technologies, there are concerns but when there is a business driver (cheap high availability) you might be able to slow it down but it will not disappear. This is something which not only goes for IT but for most technologies.
The real challenge will not be to list all possible risks to scare people but will be to think about how we will handle this technology securely and how security can be embedded in the cloud. Interesting times I think.
