You probably have a number of questions about the Cloud, so let’s address some of the most common ones right here at the beginning. This first chapter is an FAQ that lays out the main facts and points you to parts of the book where I go into more detail.
Where Does the Term “Cloud” Come From?
How Is Cloud Computing Different from Good Old-fashioned Servers on the Internet?
What Are the Major Types of Cloud Services?
What’s Not So Great about the Cloud?
Will the Cloud Mean I Won’t Need My Own Computer or Software?
Can I Trust the Cloud with My Data?
Will I Maintain Ownership of Data I Store in the Cloud?
What Are the Security Considerations?
Do I Have Any Hope of Privacy If My Data Is in the Cloud?
Does the Cloud Mean Something Different to Developers and Big Businesses?
What’s with the Weird Cloud-related Acronyms like SaaS, PaaS, and IaaS?
How Can I Choose a Cloud Provider?
First things first. This being a book about the Cloud, we should start by clarifying what that term means. And that’s trickier than it sounds: there’s no single, universally agreed-upon definition.
For many people, “the Cloud” is synonymous with “the Internet.” It’s a global network of smaller, interconnected networks that, if viewed diagrammatically at a large enough scale, might vaguely resemble an actual cloud. In this sense, the word “cloud” is intended as a clever if overused metaphor, but doesn’t add any shades of meaning.
Increasingly, however, “the Cloud” is used in a more specific sense to refer to storage, applications, and other services made available over the Internet—sometimes for free, but often for a small fee—to people and businesses as a replacement for similar products that would otherwise run on local devices. (Think: Google Docs versus a copy of Microsoft Word installed on your computer.) Such services are provided by large, distributed computer networks rather than individual servers, adding another stratum to the cloud metaphor. Given this usage of the term, a conventional FTP server would just be “on the Internet” whereas Dropbox is “in the Cloud.” (If that doesn’t make sense yet, don’t worry—more details are coming soon.)
In this book, I look at the Cloud in this more restricted sense. I’m not going to tell you everything there is to know about the entire Internet, but I will help you make sense of the endless barrage of cloud products and services companies are trying to sell you.
By the way, you’ll notice that I capitalize “Cloud” when it’s used as a noun to refer to the set of Internet services available globally. Not everyone does, but just as people sometimes distinguish between the Internet (the global network) and an internet (a smaller, usually local network that may or may not connect to the Internet as a whole), there can be a cloud (a particular collection of networked devices) that may or may not be part of the Cloud. That will become especially evident when I talk about The Personal Cloud.
The word “cloud” has been used as a metaphor for the Internet since at least the early 1990s, and cloud symbols were used generically to represent unspecified data sources or destinations long before that. It’s easy to see why. The same adjectives you might use to describe real clouds—nebulous, ephemeral, fuzzy—apply equally to the metaphorical Cloud. What are the boundaries of the Internet? What’s its shape? What’s in, what’s out? Those answers are constantly changing, just like clouds blown around and reshaped in the sky. (The fact that there are occasional bursts of electricity that can cause significant damage is another little detail both senses of “cloud” share!)
A cloud is a convenient shorthand, too. If I’m drawing a diagram of how data gets between my computer and yours, I likely don’t know or care about the exact path the data takes through various Internet service providers (ISPs), routers, and other devices. It’s enough for me to sketch my cable modem connecting to a cloud, and then your DSL router connecting to the same cloud somewhere else. What happens between here and there is highly variable—and largely irrelevant.
Computing—whether that’s crunching numbers, playing a video, or displaying your email—requires hardware of some kind. That might be a PC on your desk, an iPhone in your pocket, a set-top box in the living room…or a gigantic cluster of servers spread across some company’s data centers in five states. When computing happens on a device that you own, that’s personal computing. When it happens on a single computer somewhere else, that’s remote computing. When it happens on one of these massive, distributed networks, that’s cloud computing.
Cloud computing means that whatever computational task you’re trying to accomplish at the moment is being performed by one or more computers somewhere in the Cloud—and the details (what kind of computers, where they’re located, what operating system they use, and so on) don’t matter to you. You interact with the Cloud using a Web browser or other app running on your personal device, but all the hard computational work and data storage happens somewhere else.
I’ll mention many examples of cloud computing in this book, but some you may already be familiar with include Google’s G Suite (Docs, Sheets, Slides, and more), Apple’s iWork for iCloud (Pages, Numbers, and Keynote), and Adobe’s Photoshop Express. In fact, arguably, every type of activity that I discuss, from file storage (see Cloud Storage) to office apps (see Cloud Apps) to setting up a full suite of Internet services for a business (see Other Cloud Services) falls under the broad heading of cloud computing.
From your perspective as a user, cloud computing means not having to worry about software licenses and upgrades, disk space limitations, hardware failures, and so on. The device you use to connect to the Internet doesn’t need as much processing power or storage space as it otherwise would, because processing and storage happen in the Cloud. You can switch devices or operating systems without having to install software, sync files, or worry about compatibility.
This brings me to my own definition of “cloud computing”: somebody else’s problem. That is, in contrast to servers, networking equipment, hard drives, and other devices I’d otherwise have to buy, maintain, install software on, and spend endless hours fiddling with myself, cloud computing puts all that messy stuff in other people’s hands. All I, as a user, have to do is pay one or more providers for their services, log in here and there with my username and password, and go about my business without ever concerning myself with the rest of it.
The biggest difference between modern cloud computing and the Internet of decades past involves a new approach to the concept of servers. To explain, let me take you on a quick (and oversimplified) trip down memory lane.
As long as the Internet has been in existence, it has included servers—computers that provide one or more services, such as FTP, email, and Web, to other devices (Figure 1).
The term “server” itself is a bit ambiguous, in that it can mean either the software that provides a given service or the hardware running the server software. So, I could run Web server software and email server software on my Mac; and if I did, I might refer to either the Mac itself or either individual application as a server.
A single computer running a Web (or other) server might handle many different domains, and in fact that’s exactly the way shared hosting has operated for a long time. Customers who want to run Web sites or provide other Internet services pay a small monthly fee to share space and resources on a single server with a bunch of other customers. The company that runs the server handles things like maintenance, upgrades, and (sometimes) backups. The system works well, most of the time, for individuals and businesses with modest server needs.
But even before the term “cloud” came into vogue, companies running servers realized that any individual computer quickly encounters limits. Maybe a site has more users—or requires more storage or computing horsepower—than a single computer can handle. Maybe the server’s owner is worried that a particular computer will break down.
For these and other reasons, systems emerged that let server administrators connect multiple individual computers into a cluster that appears to the outside world to be a single big server (Figure 2). That way, heavy loads can be distributed across computers, and the redundant machines offer protection against hardware failures.
Server clusters can be distributed geographically, too, so that if a storm takes out an entire data center in Texas, the data center in Colorado can keep the services online.
But then a different set of problems comes up, because whether a server is shared or not, overall usage levels change all the time. Maybe a single Web site attracts lots of attention for a few days now and then (a blog post or video goes viral, for example), needing many computers’ worth of capacity, but usually has a small enough load that a single computer can handle it. Maybe a company starts out serving a few hundred people but then rapidly grows to serve millions—or maybe the opposite happens.
In such scenarios, a lot of the available computing power lies unused a lot of the time. It’s not cost-effective to buy and maintain a large number of computers just in case you need their extra power from time to time, and scaling a cluster up or down also involves considerable work and expense.
One way to solve this problem is to use a virtual server. If you’ve ever used an app like VMware Fusion or Parallels Desktop to run Windows on a Mac, you’re familiar with the idea—there’s special software that lets one operating system (the guest) run inside another (the host) as a virtual machine. The guest operating system functions exactly like a stand-alone computer, except it isn’t a separate piece of hardware; it’s just a virtual construct in software. In this way, you could have a PC running ten installations of Linux (each with its own server software).
Each virtual machine operates as an independent computer, even though they’re all using the same CPU, storage, power supply, and so on (Figure 3). Because a single physical computer can host multiple virtual servers, the probability increases that its physical resources will be used more efficiently.
Of course, a single virtual server could suddenly need more power than even the entire computer it’s running on could offer. But no problem—you can probably see where this is going—it’s also possible to string a bunch of computers together to function as a single, much larger computer, and distribute your virtual machines across them rather than having each one bound to a single physical computer (see Figure 4). It’s the same concept as grouping computers to act as, say, a big Web server, except here they’re acting as a big host for virtual servers. The hardware can adapt almost instantly to the changing resource needs of many servers, and the virtual servers can be added, removed, or resized at any time, without any hardware changes.
Now, let’s say you’re a company like Amazon, Google, or Microsoft with a bajillion computers in data centers all over the world, and you’ve configured them to host a dynamic array of virtual servers like this. All that’s left is to sell access to them—for a small fee based on usage—and now third parties can create their own full-blown server installations, perfectly and instantly scalable to any size, without ever having to invest in hardware, worry about maintaining said hardware, or make wild guesses about capacity that later turn out to be far off.
That, in a nutshell, is how modern cloud computing differs from the old way of “a bunch of servers connected to the Internet.”
Cloud computing is the general term for all the computing tasks that happen on distributed servers in the Cloud. When a company makes a particular cloud computing capability available to the public, that capability is a cloud service.
For example, email could be a cloud service. Calendar syncing, an online word processor, remote backups, and movie streaming are also cloud services.
Since cloud computing is a generic concept, whereas a cloud service is a specific thing you can actually buy and use, this book talks mainly about cloud services.
Ask an enterprise computer geek what the major types of cloud services are, and you’ll probably get an answer involving a bunch of inscrutable initials (see What’s with the Weird Cloud-related Acronyms like SaaS, PaaS, and IaaS?). This book is not for computer geeks, however, so I’m going to divide up the landscape differently, and use actual English words for the types of services you most likely care about. The categories of cloud services I discuss in this book are:
Other types of cloud services exist too (for example, database engines, technical support services, and payment processing), but in order to keep this book focused and relevant for its intended audience, I largely ignore them.
Using the Cloud offers numerous benefits. Among them:
And, when it comes time for a new device (say, an upgraded iPad), you don’t have to agonize about moving all your files to the new model, because most of the things you care about are already in the Cloud, just as accessible from the new device as the old.
A number of the factors that make the Cloud great also have a flip side that’s less enticing. For example:
All that to say: many of us need to be able to continue doing productive work in situations where we can’t count on suitable Internet access, and that’s a huge strike against services that depend entirely on the Cloud.
Another aspect of limited data control is that it may be difficult to move your data to a different cloud app or service. There’s no guarantee that formats will be compatible or even that you’ll have any way to export data from one service and import it to another.
Games are another example. Some types of games require heavy-duty graphics processing in order to render realistic, high-speed visuals on your screen. Even when these games have an Internet component (such as competing with people remotely), there’s not enough bandwidth in any Internet connection to push all those rapidly changing pixels to your screen instantaneously, as the graphics card in your computer can do.
These aren’t the only downsides, but they illustrate the fact that even a silver lining can’t always make up for a dark cloud.
It used to be that if you wanted to run a word processor or a spreadsheet, you had to install the appropriate software on your computer. You can still do that if you want, but you now also have the option to run such apps in the Cloud, using only a Web browser. As more and more apps become available in the Cloud, and as their quality and usability improve, the argument against buying and installing software on your own computer may grow stronger.
Indeed, the industry is already moving in that direction. Computers like Chromebooks (and their desktop counterparts, Chromeboxes) are examples of thin clients, or devices that rely on servers in the Cloud to do most of their actual processing and storage. You can buy such a device instead of a conventional computer and still perform most common computing tasks—as long as you have a reliable, high-speed Internet connection. (I say more about this in the sidebar Chromebooks and Other Thin Clients.)
And let’s not forget mobile devices (smartphones and tablets), which I cover in The Cloud and Mobile Devices. Such devices usually have less processing power and storage than full-blown computers, making them a good match for some kinds of cloud-based apps. Granted, there are other considerations—for example, some mobile Web browsers don’t support the plugins needed to run popular Web apps, and in many cases native mobile apps provide a better user experience. But at the very least, the Cloud lets you perform certain tasks on a mobile device that would otherwise be impossible.
However, notice that whether you’re talking about a less-powerful computer or a mobile device, you still need some type of hardware to use cloud apps and services. No matter how powerful cloud-based computing becomes, it won’t magically create a display or input device out of thin air. You must have some way to interact with it.
To be sure, this need not be a fancy or expensive device, or even one you own. A simple terminal at a library or coffee shop can give you free access to the massive computing power of the Cloud for an hour here and there, no personal equipment required.
Nevertheless, I don’t foresee conventional personal computing devices disappearing any time soon.
If you store data on your own computer, you know where it is, and short of a power outage or a hardware failure, you know you’ll be able to access it. You can also feel reasonably certain that, as long as you’ve taken sensible precautions, no one else will be able to access that data.
But when you put your data in the Cloud—whether it’s your contact list, a novel you’re writing, vacation photos, or a top-secret business plan—you may wonder if it’s safe there. That could mean safe in the sense of reliability (Can you be sure it’ll be intact and accessible when you need it?) or security (Can you be sure unauthorized people won’t be able to access it?).
In either case, the smartest assumption to make is that no, your data is not safe in the Cloud.
Wait, what? Hear me out.
In terms of reliability, I’ve experienced numerous outages of cloud services, lasting anywhere from minutes to days, during which time I couldn’t access my data. Despite all the redundancies of multiple servers in multiple places, this sort of thing can and does happen pretty frequently. I’ve also had data that was stored in the Cloud go missing for no readily apparent reason—one day it’s there, the next day it isn’t. And, of course, a cloud provider could go out of business or simply decide to discontinue a certain service. So, even though most cloud services are generally reliable, I would never put my entire faith in one. I’d always have a local backup of my data too (see Cloud Backups).
As for security, well, the news is full of reports of security breaches. Hackers break into servers and steal data. Government agencies from around the world spy on data in transit, infiltrate security systems, and may even have back-door access to data on the servers of large cloud providers. And even when a company does its level best to protect your data, people (and machines) make mistakes. That’s why I would never assume data I store in the Cloud is secure—unless I’ve taken steps to encrypt it before it ever leaves my devices (see Privacy and Security in the Cloud).
In other words, you shouldn’t start with the assumption that your data is safe in the Cloud (in either sense), but you can certainly take steps to improve its safety dramatically. And if even that isn’t enough for your peace of mind, you can bypass commercial cloud services altogether and concoct your own personal cloud that offers more control, albeit at a higher cost and with more effort required (see The Personal Cloud).
If you create or store a file on your computer, you own it. If you create or store a file in a cloud-based app, the same should be true, right?
Well…yes and no. Each cloud provider has its own terms of service and privacy policy that describe what it may and may not do with your data. Although the general principle in the United States is that the person who creates any type of content holds the copyright (barring explicit agreements to the contrary), a cloud provider may assert the right to reuse your data in various ways. For example, an image sharing service could specify in its user agreement that any photos you upload can be used to promote the site, or even resold to make a profit for the provider. This sort of thing isn’t usual, but it has happened from time to time. So, be sure to read the fine print!
If a cloud provider goes out of business or is acquired by another company, the situation gets murkier. Although the details should all be spelled out in the legalese somewhere on the provider’s Web site, things have a way of falling through the cracks during periods of transition.
A couple of questions ago (Can I Trust the Cloud with My Data?), I brought up the matter of trust. A company may say all the right things about the extraordinary lengths to which it goes to keep your data secure, but you can’t ever know that it’s secure unless you take security into your own hands. The only safe assumption is that some third party could access any data you store in the Cloud unless you encrypt it first—and you, not the cloud provider, hold the encryption key.
In Security in the Cloud, I explore the topic of cloud security in more detail. I explain (in layman’s terms) how encryption works, what it means to hold your own encryption key, and the limits of encryption when it comes to cloud services. For now, I want to set your initial cloud security expectations pretty low. If you have information that must go in the Cloud and must be kept secure (for example, if you’re bound by regulations such as HIPAA in the United States), you can make that happen—but it will require significant effort and attention.
When it comes to the Cloud, security and privacy go hand in hand. That is, only when your data is secure—by which I mean protected using one or more forms of encryption—can you truly consider it private.
It’s possible to have privacy without security. After all, privacy only means freedom from observation or attention. If no one happens to be looking at your data—because it’s located in an obscure place or perceived as uninteresting, for example—then it’s private. But just as a private conversation can become public if someone walks by at the wrong time and overhears you, private data can become public in any of numerous ways unless it’s securely encrypted. And there is still, alas, a great deal of unencrypted information in the Cloud.
The reverse is also true—your data could be secure (in a sense) but not private. For example, you use a file storage service such as Dropbox that encrypts all your data before it leaves your computer. Your files are secure, but Dropbox maintains the capability of decrypting them—and will do so in response to a subpoena or court order. At that point, the privacy disappears, because the security was insufficient.
So, although it is possible to achieve a reasonable level of privacy for data you store in the Cloud, you shouldn’t expect that data in the Cloud is private by default. I say more about this in Privacy in the Cloud.
This book, geared as it is toward the general public, is about the Cloud as it appears to nontechnical individuals and small-business users. You’re trying to decide which services to sign up for, what the costs and risks are, and how to make sense of a long list of competing claims. Your interaction with the Cloud will be primarily as a consumer.
Enterprise users (that is, IT departments in large organizations) have a different view of the Cloud, because they’re trying to figure out whether and in what way cloud services can replace physical data centers they’d otherwise have to build, maintain, and staff. Their goal isn’t to figure out how to edit a spreadsheet in the Cloud, but how to provide a long list of business services to tens of thousands of employees. Enterprise customers already have system administrators, programmers, and networking experts on staff, and they aren’t put off by the complexity of dealing with cloud services at a lower level.
Developers (people who write software or design Web sites) also have a special perspective on the Cloud. They’re typically thinking about how to create sites and services for the rest of us to use, and they’re trying to discover the most efficient and cost-effective way to do so, whether that means buying servers of their own, renting equipment and space at a data center, or paying for virtual servers and other resources in the Cloud.
I mention all this because if you (an ordinary person) do a few Web searches looking for information about the Cloud, much of the stuff that you’ll discover was written not for you, but for these highly technical, big-business-oriented folks. You might find it bewildering and off-putting. And that’s exactly why I wrote this book: to frame the discussion in terms that are meaningful to individual users.
I was just talking about doing some casual Web searches to learn more about the Cloud. One thing you’ll inevitably run across if you do this is a set of acronyms starting with a capital letter and ending in “aaS” (for “___ as a service”). That’s “service” as in cloud service, of course—every one of these acronyms refers to some sort of capability created by large collections of servers and available for rent by the hour or megabyte.
If you’re reading this book, chances are none of these acronyms matter to you at all. In my opinion, it’s worth being vaguely aware of them just so you can seem clueful at parties, but you can sort of skim these definitions and then forget the details:
Only programmers would find PaaS useful or interesting. On the other hand, even non-programmers may find PAAS Easter egg dyes to be useful and interesting.
These aren’t the only things available “as a service.” There’s also HaaS (hardware as a service), DBaaS (database as a service), VaaS (voice as a service), and at least a dozen more, collectively known as EaaS or XaaS (everything as a service)!
But again: for the purpose of this book, we’re mainly interested in software as a service, with occasional mentions of platform and infrastructure as services.
You’ll sometimes hear a distinction between “the public cloud” and “a private cloud.” The public cloud refers to cloud services available for rent by the general public over the Internet—in other words, nearly all of what this book discusses.
However, companies that want the advantages of the Cloud but want to keep more control over their data can set up a private cloud, which typically takes one of two forms:
The point is, a private cloud offers many of the advantages of the public cloud but with added security—with the trade-off being that the company running a private cloud may need to invest more in infrastructure or pay more for specialized outside services.
Like a private cloud, a personal cloud incorporates (most of) the basic elements of cloud computing and storage, but you, the individual user, own and control all the hardware. You can create a personal cloud with devices (servers, network-attached storage, and the like) in your home or office, at a friend’s house, or colocated at a data center—meaning you own the equipment but the data center provides the space, power, and Internet connection. It may involve significant time, effort, and cost—and you’re on the hook for your own maintenance and upgrades—but it also eliminates the vast majority of security and privacy concerns of public cloud services. I say more about this later, in The Personal Cloud.
Choosing a provider is tough, and you might need several providers, each to meet a specific need. Name any cloud service—file storage, calendar syncing, backups, word processing, movie streaming—and you can find dozens of companies proclaiming their offering to be the best, most modern, most cost-effective, and friendliest. Because the differences between services sometimes boil down to subtle details and other times overlap only partially, making a smart choice can be maddening—and since services and prices change frequently, the decision you make today may not be the best choice tomorrow.
In addition to making recommendations for particular services in each chapter, I offer higher-level advice on selecting the right combination of cloud services to meet your needs later, in Choosing Cloud Providers.