Part of a continuing series on competing with the cloud
What is needed to verify cloud service level agreements? Good question.
Authors Sara Bouchenak, University of Grenoble, Gabriela Gheorghe, University of Luxembourg, Gregory Chockler, IBM Research UK, Nuno Santos, Max Planck Institute, Hana Chockler, IBM Research Haifa and Alexander Shraer, Google, discuss this in a recent paper Verifying Cloud Services: Present and Future (pdf).
Most users think of cloud services in terms of performance and availability. As the authors note:
As far as we know, no clouds adequately address service performance and dependability guarantees. . . .
But there are many more issues.
Is the service functionally correct? Is the performance meeting both the SLA and the application’s requirements? Is the security level sufficient for enterprise needs and does it meet the cloud vendor’s claims?
The authors identify for specific areas where more information, independent of the cloud service provider, could be very helpful to consumers and enterprises.
- Trusted software and server identity. Is the service running the right software over the right set of servers?
- Functional correctness. Once the service is up is it doing what it is supposed to do even as the specific physical servers and network configurations are changing?
- Performance and dependability. Is it meeting performance and availability requirements? If not, why not?
- Security. Does the service comply with stated security policies?
These are not theoretical considerations. For example, it has been demonstrated that it is possible to manipulate the identities of virtual machine images to attack consumers on Amazon’s EC2 service.
There are few available techniques to verify cloud service integrity in a scalable manner. Configurations change without notice. Software updates, physical servers, network routers and more are not controlled by users.
And that’s assuming everything is working as planned. What if there is a malicious actor in the infrastructure?
For example, cloud storage. We may be reasonably certain that bulk data is consistent from one user to the next. But what about updates? How can users be certain that updated data is available promptly to authorized users?
If the provider promises encryption for data at rest, how can we validate that is is both encrypted and that the encryption process is secure? If triple redundancy is promised, how can we ensure that promise is kept?
Given varying national laws and surveillance programs, how can users know where data is physically located? Where are the audit trails that can show regulators or plaintiffs that no laws were breached?
The StorageMojo take
This paper is sobering because it shows how primitive current tools for verifying cloud services are – if they exist at all. It isn’t even clear that cloud providers themselves have the tools to know the answers to questions that corporate users should and will have.
Corporate IT is the logical entity to ask these questions and verify the answers. But these unresolved issues won’t stop the business units from using cloud services, and it would be a mistake for IT to try to use them in that way.
Cloud services are now an irreversible part of the IT infrastructure. IT professionals have a golden opportunity to drive their quality by asking the right questions and investing in the needed and soon-to-be-invented tools.
Comments welcome, of course. How do you handle these issues today – if you look at them at all?