The democratization of IT: Cloud computing and the Berkeley community

Publication Date: 
May 1, 2009
Expiration Date: 
May 1, 2012
Shel Waggener, Chief Information Officer
Body Text: 

Since the early days of the mainframe, information technology has played a critical role in higher education, creating amazing opportunities and advancements in research, discovery, teaching, and learning. Yet for all its benefits, the technology explosion of the last decade has also created a world of increasing complexity, with IT professionals now facing a variety of options and challenges that didn't even exist 10 years ago. Today's enterprise technologies are no longer limited to locally managed ERP software, large server farms, or data center environments. The data center is everywhere, with laptops on every student desk, iPhones capable of running thousands of applications, and thumb drives with enough storage to hold a library of books. As impressive as these gains are, what will really revolutionize the way we use and manage technology is the ubiquity of network access and the increasing number of applications and other service components delivered via the network: the "cloud".

This new world is giving rise to an entirely new way of providing computing applications and services, not dependent solely on an individual computing device but instead linking them all and providing services in the "cloud" of the Internet. No longer do you necessarily need to spend resources on application developers, system administrators, servers, data centers, and the like. Applications, tools, and services in the cloud are available to anyone with an Internet connection — sometimes without even having to spend a dime. Cloud computing offers the promise of the democratization of technology, enabling each of us to become our own one-person IT team. Need an email account? Simply go to Yahoo! or Hotmail, sign up, and you are up and running instantly. Want to create a presentation? Try, or log in to Google and create a Google docs spreadsheet within minutes. Need to make a call to some far away country? Simply install Skype and make calls directly from your computer, no physical phone needed.

What could be simpler, or from an IT professional's perspective, more complex? In higher education, where we pride ourselves on open access and dissemination of information, this new paradigm appears not so much a threat but a limitless expansion of our technology environments. But how will we manage the campus computing environment and protect our institutional assets when a service like Skype connects millions of computers together, any one of which could be the source of a significant security problem? This new landscape feels a bit like the technology equivalent of the wild west — unplanned, unpredictable, potentially dangerous, all the while being very exciting.

The speed, features, ease of use, and low cost of cloud-based services when combined with the ever more powerful and less expensive personal computing devices are quite compelling for the individual user. What about for a department or for the whole campus? Couldn't we stop building our own custom solutions and instead simply subscribe to online services that would meet the need? In fact, many companies are preparing to offer services specifically tailored to meet higher education needs. Google now offers GoogleApps Education Edition, which provides communications, collaboration, and infrastructure solutions. Cloud services are being explored in a number of places on campus. IST is now using Salesforce, one of the leading cloud computing "software as a service" (SaaS) providers, to manage increasingly complex information about campus departments' computing needs. Berkeley's EECS department is evaluating and using Amazon's cloud platform, including online storage (S3), computing (EC2), database (SimpleDB), and others, via Amazon Web Services for research and teaching needs. (See EECS faculty member Armando Fox's iNews article, Cloud computing in education, for more information about what it is like to work in the cloud.)

The ability to support a department or campus constituency in creating their own unique solutions with little need for large up-front technology investment offers exciting possibilities but begs a number of questions. What happens when everything that is currently at Berkeley moves up into the cloud? What happens when you take ten different cloud services from ten different suppliers and combine them together to provide one "solution"? What does the end-user experience look like — will each of us need ten different IDs to conduct University business? What if one of those companies goes out of business with no warning and your data goes with it? These challenges, and others, are already emerging.

In most cases, the impacts have been limited to individual consumer-based services, for example when a photo sharing site closes unexpectedly and with it go your pictures, or when conflicts between providers leave customers with less than what they expected (see the running conflict between boxee and Hulu for a great example of cloud battles). Even worse, what happens if a cloud provider shares your information and data with someone else without your approval? When was the last time you really read through the details of one of those click through agreements before you said "I agree" in order to start using a service? Do you know what you just agreed to? It is this lack of transparency and predictability, the constant churn and change, and the concerns about security and privacy that has IT professionals worried. It seems the wild west metaphor isn't that far fetched.

So how do we avoid these potential problems or at least mitigate their risks? Many have suggested simply using services from well-established, large companies. In the pre-Internet era, you could determine if a company was viable based on RFP responses, interviews, reference checks, and other direct evaluation methods. Today, many companies offering cloud-based services have little more than a website and links to click on for questions. So perhaps you only use companies you know of or read about like Google or Twitter. However, even those established companies can present challenges. In one case, one of the most well-established providers on the Internet, Yahoo!, provided information and copies of email messages to the Chinese government, with very serious consequences for the service users. Even if you do read the terms of service in great detail, companies always reserve the right to change their minds. A recent attempt by Facebook (home to nearly 200 million users) to change the terms of use for all users by shifting ownership of all content on Facebook pages to the company, with no warning and no recourse, offers another example of risks associated with moving your data or campus data to cloud providers.

So how do we balance the benefits of cloud computing against the potential risks that it brings? The process starts with IT professionals recognizing that the economies of scale and power that cloud computing offers are here to stay. Cloud providers will continue to improve performance, features, and accessibility at such compelling price points that stand-alone, individual solutions will simply not be competitive, no matter how internally robust they are. In these austere financial times, these economies are even more compelling. Over time, we will need to start shifting our technical talent to evaluating and recommending specific providers, just as we have in the past when selecting products to purchase to run in-house.

We also need to change our approach to development and embrace the philosophy of loosely coupled design — a principle that anticipates and expects components of solutions to be brought together from both inside and outside the institution. That may very well mean giving up a modest amount of control in exchange for speed of development, richness of features, and rapid deployment. It also means rethinking the role of IT professionals from being owners of every piece of a solution, to being not just owners and builders of local solutions, but stewards or air traffic controllers of the many cloud options that will be stitched together within the local environment.

The public cloud isn't there yet, and will ultimately have to address security, privacy, performance, and management issues before it can become a full partner in our extended environment. However, it is not wise for us to wait until it achieves the same level of confidence that we have with internally developed systems before we start exploring and integrating cloud services: we need to begin now.

The power of the individual devices we all carry, the ever increasing capacity and reach of networks, and the explosion of services offered in the cloud will change information technology (and technologist) work in the coming years. We will need to see the cloud as not a threat to our local control, but as an extension of our technical environments and resources. So before you embark on your next technical development project, I hope you will consider your options: use the Berkeley private cloud offerings, select a (well-vetted) provider from the many global offerings, or some combination of the two. If your business needs require you to build something locally, consider how you might make your product available to other members of the campus community. Contrary to the old familiar saying, it's time for all of us to get our heads up in the cloud!