We can’t go on like this…
The Cloud has grown up the past six years. It has been adopted by companies, organizations and individuals alike. Cloud First for most companies is a strategic choice with regard to selecting new software or infrastructure. And rightly so, because cloud offers many advantages.
But, there are also disadvantages that came to light thanks to whistleblower and exile Edward Snowden: secret service agencies are watching. The first reflex of legislators is to not have personal data land outside its own jurisdiction. This type of reasoning is outdated: data is not restricted to one single location and it is not straightforward. One must appreciate that certain governments demand that personal data may not be exported across national borders. But how can this be upheld in this day and age in which we telework and are always online? Personal data is copied, sent by email, synchronized between datacenters, not to mention backed up numerous times. Moreover, secret service agencies exchange information: if one secret service agency cannot gain access to data in another country, then it can simply request said data from its local partner who can access it.
The Cloud resembles The Wild West. Companies gather all kinds of information and share it without the user realizing such or having given his explicit consent.
Another shortcoming is the current state of cloud security. Users and cloud providers continuously exert themselves and incur costs to keep things safe, with middling results. If the datacenter is thoroughly fenced off, then something is bound to go wrong if the lines are intercepted by secret service agencies or criminals. Or, an end user messes things up with weak passwords, or by clicking on dangerous links and being careless with electronic devices.
Also, the Cloud resembles a prison. Data hosted by a cloud provider can only be retrieved at a considerable cost. And not because the cloud provider presents a hefty bill (costs should turn out to be reasonable), but mainly due to the costs involved processing raw data for meaningful use in a new environment.
We can do better …
The Cloud: can it be improved?
To which standards should the Perfect Cloud adhere if we, with today’s knowledge and skills, could design a perfect cloud? For convenience’s sake, I will leave out the numerous legal, technical, organizational and cultural obstacles. The seven requirements below are mutually dependent: together they form one single entity.
1. The Perfect Cloud Is Open
Thanks to far-reaching standardization and “open datacenters”, one large single Global Mega Cloud arises in which data can move freely between datacenters, providers, applications and territorial jurisdictions: perfect portability. The location of data no longer matters, and that saves us from drafting a lot of rules and regulations as well as from the accompanying enforcement efforts.
As a result, the role of the providers changes. Infrastructure becomes a commodity. Suppliers differentiate themselves with respect to pricing, reliability, latency and innovation. Saas, PaaS and LaaS morph into each other. Carriers offer datacenter services and vice versa; SaaS vendors develop into hosting providers. Already this development is in full swing.
2. The Perfect Cloud Is Completely Encrypted
All data is end-to-end encrypted: on the user’s device (the endpoint); on its way to the Cloud; within the Cloud; on its return journey; and between the endpoints. The encryption is as strong as far as is practically possible. And that ends the surveillance and (industrial) espionage to which we are now subjected. Building backdoors and intercepting data traffic is no longer useful as data without an encryption key is illegible.
3. The Perfect Cloud Has No Anonymity
Individuals who want to make use of the Perfect Cloud receive a digital passport: a smartcard or an app for authentication or authorization purposes. Strong, two-factor authentication is based on several biometric features, such as facial characteristics, four-finger scanning and heart rate. This information will not be stored centrally. As is the case with passports and ID cards, the municipal authorities compare the digital passport applicant’s personal data with the records’ database. The applicant must apply in person. Most individuals do not object to surrendering their anonymity so long as their personal data is not misused. Not everyone is a freedom fighter, a political activist within a dictatorial regime or a radical. For the aforementioned, the “Wild West” cloud will remain.
4. The Perfect Cloud Is Not Deceiving
The user of the Perfect Cloud is bound by a strict legal framework that obliges him to hand over his encryption keys if a criminal investigation or a security check has started. The mandate thereto must be determined by the presiding judge in a transparent procedure. This will put an end to the underhand manner in which secret service agencies operate, often illegally and with strict gagging orders that stipulate that individuals who are subject of an investigation may not be informed of the suspicions raised against them.
5. The Perfect Cloud Belongs to the User
The user is in charge of his own data. He or she determines who, and under which conditions, the data may be read or used. Internet service providers must indicate explicitly and in detail which data they would like to access. An independent privacy protection organization will determine if the internet service provider’s request for data is valid. This way, the review and approval processes are separated. Most internet service providers hide the general “consent request” section in the terms of delivery statement. More often than not, the user quickly clicks on “I Agree” in order to get started.
In addition, the user determines what is shown. Ads based on search behavior, one’s public profile, personal interests, no ads at all or only from specific providers? The user determines, and companies have to respect that or otherwise pay hefty fines.
6. The Perfect Cloud is Service Neutral
Analogous to net neutrality, the Perfect Cloud is neutral, too. Everyone is offered the same service for the same price: no differentiation or prioritization. Equal rules for everyone. One can of course pay extra for additional services, but the underlying basic services are the same for everyone. However, there will be a difference with respect to the users of the so-called Wild West Cloud. These users will experience less deferential treatment by companies and organizations. They will deal differently with anonymous or unverified users. They may not even want to do business with anonymous users or users with a pseudonym.
7. The Perfect Cloud is Economical
As many security measures have become obsolete and because far-reaching portability has made switching providers easy, users (consumers, companies and organizations), eventually, will pay less.
Attainable – or are we being naïve?
“The law and practical concerns stand between dreams and deeds”, wrote Willem Elsschot in 1910. In order to achieve the Perfect Cloud, an unknown number of obstacles need to be cleared. The cloud industry will not be keen to become subordinate to the user’s interests. More often than not, the government is the industry lobby’s puppet. Countries and judicial systems are divided. The initiative must be taken by the users: the consumers and the companies. Possibly the low-cost aspect will be convincing enough for the users to take action. And perhaps there are other conceivable aspects of the Perfect Cloud?