from the just-because-you’re-paranoid-doesn’t-mean-they-aren’t-after-you dept.
Last week the CEO ServiceNow made a minor splash by claiming that it was awfully easy for a cloud provider to spy on the data they stored for you or discriminate based on pricing. But while that’s possible, in many cases it turns out to be simply not practical enough to be beneficial. Even moves like restoring outages for higher-paying customers first turn out to be more trouble than they’re worth.
In today’s world of fierce co-opetition, your cloud provider may be both your partner and competitor – and building your business on top of your competitor’s cloud is a very dangerous way to live. When the ancient Chinese wanted to keep their population safe from dangerous invaders, they built a wall. So, does your business need a Chinese Wall to provide protection from a possible invasion by your cloud provider?
Public clouds reveal crucial data
Your public cloud computing provider knows a lot about your business. That knowledge may be giving them an unfair competitive advantage against you. This has always been a fear when using a public cloud – your business relies on a cloud being built by your competition. This issue has become more acute in the past few years as many companies have leveraged their competition to build and scale infrastructure that is the critical technology foundation for their business.
To help understand the implications here, let’s examine what your public cloud provider could know about your business. Assuming that your business is using infrastructure-as-a-service (IaaS), the cloud knows: where, when and how often your users connect; the types of devices and browsers your users have; how much data your business has stored; the number of compute servers that your business uses; the geography where these servers are deployed; and your active business relationships (seen by watching traffic flows).
If you’re using platform-as-a-service (PaaS), your cloud provider could know: the number of payments that you process (and peak payment hours); your database transaction rates and query patterns; the types of data that your business sends and receives; the velocity of your software changes; when you are upgrading or releasing new products (seen by watching traffic to specific locations on your site); and more.
For most businesses, all of the above data is considered intellectual property and carefully restricted for competitive and, in the case of a public company, regulatory, reasons.
Giving away a competitive advantage
For some public cloud computing providers, knowing the above information (excepting the regulatory data) is acceptable and could help them run their cloud in a predictable and scalable manner. Public clouds in this category are the ones that solely provide IaaS or PaaS services, such as Joyent, Rackspace, SoftLayer and Terremark. (My current company, ServiceNow, also falls into this category because we are building a PaaS for enterprise IT applications and not providing competitive applications.)
Now, let’s consider public cloud companies that have businesses that directly compete with, or could compete with businesses in a variety of markets, such as shopping, movies, advertising, gaming, search, social and so on. Public cloud computing companies, such as Amazon Web Services, Google Compute Cloud and Microsoft Azure, have large businesses in one or more of these markets. Thus, these companies, while providing a cloud for your business, very well may be your direct competition as well. And the knowledge of how your business uses their IaaS and PaaS may influence their competitive offerings.
While this may be only a hypothetical concern for now, it seems safe to say that if the company that operates the cloud has a business that directly competes with your business during a major outage the cloud employees will be motivated by who pays their wages. In other words, if your business and Amazon’s both suffer an outage because of an Amazon Web Service outage, I am willing to bet that the cloud team takes the call from Jeff Bezos first.
For example, a public cloud company could offer a store that sells the same products, have a similar file or photo storage service, provide a competing restaurant review service, provide a competitive video streaming service, and so forth. Do items that are selling well in your store appear on their storefront, or traffic patterns of your users influence when and where they launch their next service offering? Does an increase in your mobile traffic affect their product direction, or your business partnerships affect where they spend their business development efforts?
In reality, maybe not. But the temptation to share data across multiple groups in such an organization must be powerful. And that is why you may need a Chinese Wall.
Good walls make good neighbors
A Chinese Wall, a term that is believed to have originated in the business world after the stock market crash of 1929 to separate people who make investment decisions from those that have undisclosed public information, separates groups within an organization and restricts the information flow to avoid conflict of interests.
I am not a lawyer and do not have access to the latest terms of service and license agreements offered by public cloud computing companies. The agreements may already provide a Chinese Wall and cover information sharing and this potential conflict of interest. To alleviate these concerns though, the cloud computing industry needs to acknowledge the need for a Chinese Wall, validate that one does or does not exist, and a provide a way for your business to audit adherence.
Yet, a Chinese Wall and an audit process may not be enough. The profitability of your business may influence your cloud provider to become your competitor even if they do not share data across their organization.
When your business reaches the scale that attracts the attention of your cloud provider, one potential solution without relying on a Chinese Wall is to build a hybrid cloud – a cloud computing infrastructure that leverages both the public cloud and a private cloud working together to match the needs of the business. When engineered for scale, hybrid clouds have been shown to be more cost-effective and higher performing than public clouds.
Using a hybrid cloud, competitive information and processes can be kept on your private cloud where your competition cannot be tempted by confidential and competitive data. The public cloud could then be used to scale the infrastructure for multiple parts of the business without putting all of your IaaS and PaaS reliance on your competition.
If you are using a public cloud that may be your competitor today or tomorrow, you might think about asking for the construction of a Chinese Wall or to build your own hybrid cloud. Both may help keep dangerous competition at bay.
Allan Leinwand is VP and CTO, Platform Development for ServiceNow, the enterprise IT cloud company. He was previously CTO of Infrastructure for Zynga and founded the software-based networking company Vyatta.