We often focus on the technological security issues of cloud computing.  We should also be thinking about physical security.  I've set foot in many datacenters, some of which featured impressive physical security measures (armed guards, series of entry barriers, etc).  Others have been lacking in comparison.

Too often, companies fail to do their due diligence on physical security when choosing a cloud provider.  Some questions to ask:  does your provider have 24/7 armed security (and how many guards), access control systems/procedures, number of independent power sources, fire supression systems, etc.

It happened sooner than I thought.  A cloud provider caught in an unwinable situation.   Amazon this week hosted, and then unhosted, Wikileaks.   On a technical level, experts questions whether AWS could handle distributed denial of service attacks.    Social media users shared the "close your Amazon account" link -- Amazon lost customers and its good image to a portion of  their customers.   Many who support Amazon are still wary of the government pressure to remove.

You can envision other scenarios...hackers using cloud computing power to hack passwords or servers, to power DOS attacks, to power sites some find offensive.    Wikileaks forces cloud providers to confront a host of unwanted legal, political and media issues.

The removal of Wikileaks from AWS had little effect, the site is mirrored on dozens of site, and Wikileaks is successfully using Twitter to broadcast its message along with links to such mirrors.   If anything,  we saw the Barbara Streisand effect yet again.
Twitter instant search site Twitstant has solved the frustrating problem of short urls (ie, where is this link taking me?) When you hover over any short url on Twitstant, a lightbox appears with both the expanded URL and a screen shot preview of the site. Simple but innovative.
Centers for Medicare & Medicaid Services (CMS) is migrating to the cloud in a 78-month deal with CSC valued at $230 MIL. There is a 6 month initial period, followed by 6 one year options. The one year options is typical of government contracts. CSC had previously announced partnerships with Google and Amazon to provide cloud-based services to clients. A larger number of cloud deals is already replacing yesterday's mega-deals.
The US Government is requiring a Cloud First approach to IT as part of the 2012 budget process. Jeffrey Zients, chief performance officer at the Office of Management and Budget, discusses "a new strategy to fundamentally change how the federal government purchases and uses IT". Cost is a motivating factor in the decision, but cloud computing does not always result in cost savings. Many cloud computing projects, in fact, have been a money sink.
Amazon has added a new Cluster GPU instance to its Elastic Compute Cloud (EC2) platform, which provides scalable computing capacity in the cloud.

The GPU Quadruple Extra Large Instance has a pair of Nvidia Tesla M2050 Fermi GPUs, each of which has 448 cores and 3 GB of RAM. You can use up to 8 GPUs in a cluster (need to ask Amazon if you want more).

This computing power does not come cheap: $2.10/hour or .75/hour if you pay an upfront fee of $5k/year.

Security remains one of the top issues facing companies using or providing cloud computing. Here's one use you might not have thought of: using cloud computing resources to speed password hacking. TechWorld writes about this very subject. The article does not cover legal issues surrounding. If a site is hacked using computer resources from AWS, for example, would AWS have any legal exposure? Attorneys, please weigh in!
Amazon has finally added a free service tier to compete with Google's App Engine. Beginning November 1st, Amazon users can run a free EC2 Micro Instance usage for a year. The free tier, however, is on underpowered machines: 750 hours/month on 613 MB memory, 32-bit and 64-bit platform support. The free quota limits are good:
  • 10 GB of Amazon Elastic Block Storage, plus 1 million I/Os, 1 GB of snapshot storage, 10,000 snapshot Get Requests and 1,000 snapshot Put Requests
  • 5 GB of Amazon S3 storage, 20,000 Get Requests, and 2,000 Put Requests
  • 30 GB per of internet data transfer (15 GB of data transfer “in” and 15 GB of data transfer “out” across all services except Amazon CloudFront)
  • It's enough to run your mashup for a year for free. But after one year, you pay Amazon's normal rates. With GAE now supporting SQL (in the past, folks have complained about a 'lock-in' factor with BigTable), we see no reason to use the Amazon Free tier. Google's free limits are generous, and they don't expire after a year. Here is an outside look at Amazon vs GAE.

    Google's Instant search has been wildly popular - resulting in a rush to "instantize" other sites. My favorite: Twitter instant search by Twitstant Twitstant uses the popular JQuery framework and Twitter's RESTful API to create a simple, yet brilliant instant search capability. With focus set on the search box and no "search" button, you simply cannot search Twitter faster.
    Cloud computing is transforming data centers.   I highly recommend the Cloud Computing Deep Dive report The 21 page report from InfoWorld discusses how critical resources are sourced and deployed. Security and governance models change. Power and management requirements are altered. If you are transforming your business' data center into the private cloud model, this report is a good starting point.
    Mule 3 is out and they have jumped on the cloud computing bandwagon.

    The Mule Cloud Connect supports Amazon AWS, Salesforce, and Facebook. Mule 3 supports for JSON data bindings and mapping, JAX-RS, and OAuth in its core functionality. More interestingly, Mule 3 will allow subscriptions to ESB events directly, although most security infrastructures will not allow JQuery to subscribe directly to ESB events.

    A big focus on Mule 3 has been ease of use, meaning less cost for businesses in terms of development time, deployment, and maintenance.
    Amazon hosts 6 to 8 of top 10 games on Facebook, including FarmVille.  That helped AWS generate $500 MIL in revenue for 2010.    Amazon's growth has had some bumps, with users occasionally unable to login to FarmVille.  Even so, AWS will see huge growth according to UBS analysts Brian Pitz and Brian Fitzgerald.  Their estimates: $750 MIL in 2011, $2.5 BIL in 2014.
    How good is security on the cloud? It's as good as your cloud provider. It's a lesson for Mike Bradshaw, director of Google's federal government group. He recently testified "The cloud enhances security by enabling data to be stored centrally with continuous and automated network analysis and protection." True, but what if Google makes those private documents on the cloud public? Microsoft was more realistic when discussing security in the cloud, stating the cloud "presents new security, privacy and reliability challenges, which raise questions about functional responsibility (who must maintain controls) and legal accountability (who is legally accountable if those controls fail)." Information Week has the full details.
    I was surprised to hear that 75% of Twitter traffic comes from the REST API. Surprised because I thought the number would be even higher. Twitter has slashed API limits in half across the board (even for its own official apps). Currently the public API rate stands at a miniscule 75/hour. The Fail Whale problem has been Twitter's own doing: they clearly should not have been making significant network changes as the World Cup started. They have not recovered and it's been an embarrassing month. Take a look at status.twitter.com (note: they aren't posting all the errors, the real picture is worse).
    The census bureau is building up cloud infrastructure for the 2020 census.   Current census technology is (not surprisingly) lagging - for example, they are just now moving to virtualize their Linux environment.  The 2010 census has also been plagued with database performance problems.
    Dear Twitter,

    If you are going to return different JSON in your RESTful services, please tell your users in advance.


    Versioning and life cycle management of your services is crucial for clients.  Developers of Twitter based applications are quite aware of this.  Once again, Twitter changed the JSON response of some RESTful services at the usual time of 8PM PST.  Of course, it broke our popular Twitter application.   Twitter's RESTful services often change at a whim (not the actual call, but the format of the JSON response)

    The cost?  Development time to track down this unanticipated problem.  But mostly, a usability cost (as in potential lost new users) as our application was not properly updating over night until we fixed the issue.

    The moral of the story for all Web Service developers is that the versioning of your services is crucial and should be a part of service deployment from the start.
    CA has acquired Oblicore, which has built service-level management technology.   CA wants to develop service management capabilities for customers looking to manage cloud computing environments.  Oblicore is known for their real time service performance monitoring.  It's a good buy for CA.