Synergy Seeds Cloud Growth
Customers, enablers and providers are boosting each other as technology expands.
The future of the cloud is being defined by the technology’s two-way relationship with both users and innovation. Each group exerts influence over cloud evolution, and the cloud shapes the needs of customers and the direction of technology transformation. Cloud improvements might make traditional data storage and retrieval activities become less visible, fading into a cloud of usage analogous to 19th-century military thinker Carl von Clausewitz’s fog of war.
The nature of the cloud lends itself to technology development, as it can serve as a giant test bed for datacentric applications. Artificial intelligence (AI) and machine learning are two disciplines that already are exploiting the cloud’s features, and other applications are emerging. In turn, the appearance of innovative uses is influencing the cloud, and that influence is likely to increase as momentum builds to explore further applications.
“That’s the power of a software-defined infrastructure,” asserts Mark Ryland, director, Office of the Chief Information Security Officer at Amazon Web Services (AWS). “It enables a small number of clever programmers to build out systems that would have been impossible without an army of people buying and deploying hardware.
“It also allows experimentation,” he continues. “In the past, [information technology] was not known as being an experimental science because the costs were too high and the risks of failure were too painful. But in a cloud environment, you can spend a few hundred, or at most, a few thousand dollars, and build a pretty elaborate system and see if it works. If it doesn’t, try another one.”
A paradigm shift could be in the making. “Those are completely new ways of thinking about [information technology] that I think will unleash a lot of innovations that we cannot even imagine at this point,” he declares.
Ryland relates that the cloud’s original customers used it for less-sensitive data workloads. As users became more familiar with the cloud, they became more comfortable with it and began to rely on it for mission-critical applications. Some applications simply were rehosted with minor modifications. But increasingly, users are employing cloud-native design patterns, he observes.
One example he cites is function as a service, in which a user uploads a piece of code, and the cloud executes the function when certain events happen. The user pays only when the events take place, which provides cost savings when the events are rare. Similarly, if the events happen frequently but in a compressed time period, then the cloud scales up its performance, but the user still only pays for the brief times when the events occur.
The result is a considerable savings over virtual machines, Ryland says. The ability to store a massive amount of information cheaply and to access considerable computing power for only the cost of time used is enabling machine learning and other computing-intensive applications—uses that would have been technologically difficult or prohibitively expensive until recently.
“The existence of this new tool [the cloud], with its many features, is changing the way people build and design applications,” he states.
As the masses contribute to reshaping the cloud, providers are constantly looking to improve services based on their feedback and usage patterns, Ryland notes. Mobile applications, in particular, are having a significant effect on cloud services. The cloud is a natural adjunct to mobile systems, especially for users without a virtual private network. In this case, the cloud helps systems reach a hardened secure endpoint over the Internet. Also, the front end of a mobile application often is cloud-based, and the cloud provides the needed application programming interfaces (APIs) for that app. “Using the cloud as a back end is a perfect way to build a mobile app,” he says.
As the cloud continues to evolve, security remains a key element. Ryland notes that security has de-emphasized the network perimeter as its fundamental concept. AWS’ cloud APIs are both accessible and hardened endpoints. But nothing in the cloud’s security depends on whether a packet can be delivered to those endpoints, he explains. The trend for cloud security is to move up the stack, paying less attention to firewalls and packet-level security while focusing more on secure request signing and defense in depth.
These security trends are being driven by both customer needs and adversary capabilities, he offers. The main challenge in cloud security is less a matter of sophisticated adversaries and more a matter of basic measures such as patches, password rotation and multifactor authentication. The cloud helps through automation, in which every security aspect is programmable—“every single feature is an API call,” Ryland states. Software can be written to perform cloud configuration and maintenance, and tools can automate the layer above the cloud itself, he adds.
“If you’re building applications in a modern way—deploying and updating code frequently—then you build security right into the development pipeline,” Ryland says. “Security checks, code scans, penetration testing all are done on a daily or hourly basis as you develop and deploy your systems.”
The tools now available and the ability to automate make for more secure deployments, he adds.
The biggest security factor is that customers realize they need help with basics, Ryland offers. Automating important or difficult manual tasks can reduce security risks.
Customer requirements continue to drive security development. Ryland relates that AWS released two important security services late last year. One is a data protection service that, given the right permissions, will scan a customer’s storage environment seeking sensitive data such as personally identifiable information (PII) or protected health information (PHI). The service will alert the customer if it observes unusual access patterns, for example, from insiders who would not normally view or download large amounts of data. The software also will look for any configuration holes or data that is not locked down. Ryland explains that this software was designed in response to individual customers loading massive amounts of data into the storage system.
The other security service was for intrusion detection. Data about the virtual environment is used to create a pattern-alerting function to warn of unusual activities. Examples might include access from questionable Internet Protocol (IP) addresses or from the Tor network, which is designed to anonymize communication. Other tipoffs could be Domain Name System (DNS) lookups of names on a watchlist or even unusual outbound traffic. Both internal and external intelligence feeds help guard customers’ cloud data, he notes.
For government customers, the most important element in securing the cloud is compliance, Ryland states. Clouds must undergo audits, and agencies must document that they meet government rules and regulations that include third-party auditing and validation. While the cloud generally decreases security concerns, it is a shared responsibility, and customers must use the system “in a sane and safe way,” he emphasizes.
While security is an established and ongoing growth area in the cloud, AI is both benefiting from the cloud and serving it. Originally, AI required huge amounts of data and computational power to train its models effectively. Now, for a relatively small amount of money, the cloud offers the ability to process massive amounts of data using high-speed computational units, particularly graphics processing units (GPUs). Cloud users can access new general-purpose GPUs (GPGPUs) with tens of thousands of cores running parallel algorithms, which allows machine learning to take place in minutes instead of the weeks or months it took in the past, Ryland notes. “The [result is the] ability to accumulate, store and process very large datasets and the ability to do the computation at a reasonable price in a reasonable time for something that would have been completely impractical or literally impossible not too many years ago,” he states.
The relationship between the cloud and AI is not a one-way street, however. “The beauty of this technology now is we can apply it to a lot of challenges that arise,” Ryland says. In security, machine learning can detect abnormal human behavior as well as unusual network traffic. Machine learning models serve supply chain management, helping to determine when to increase inventory and expand infrastructure. Other cloud AI applications include speech-to-text transcription, text-to-speech conversion and image recognition. Again, behind these applications are sets of models constantly undergoing improvement. “The characteristic of an AI-based service is the more you use it, the better it gets,” he warrants.
One future cloud AI application could be tiering of storage service. In this scenario, data that has not been accessed for a fixed period of time would be placed in a less-expensive cold storage that contains infrequently used information. Machine learning models could anticipate when this data might be used again and move it out into active storage, possibly the hottest tier, based on usage patterns.
Future cloud AI endeavors might bring machine learning to the masses, Ryland predicts. One approach the company has adopted is a programming environment that provides preconfigured applications, sample code and interactive training models. These allow an average programmer to build and deploy his or her own machine learning models, he says, adding, “Instead of just thousands of programmers, there are going to be millions of programmers that can use these advanced tools as part of the applications they build.”
While the cloud still represents only a small percentage of information technology expenditures, its growth is not likely to abate, Ryland offers. One burgeoning cloud trend is serverless computing. Instead of running virtual machines or managing computers and hosts, the cloud provides an abstraction that allows engineers to deploy just code or write their data into a database. The database would not necessarily be a large running system, but more of a “service at the ready” that could respond to a request, he explains. If no request comes in, then no resources would be consumed. Costs would shrink and efficiencies would grow.
Advances are allowing users to bring a piece of the cloud to the field with them. Ryland notes that Enlighten IT, a Maryland consulting and software engineering firm, has built a cybersecurity analytics platform that runs in the AWS U.S. GovCloud. The Defense Department uses the platform to perform forensic analysis of network information, he relates.
A key component is a portable storage device known as the Snowball, which can hold up to 100 terabytes of information. Users pay by the day to be able to carry it wherever it is needed. When it is returned to AWS, its new data automatically is uploaded to the cloud. Enlighten has configured Snowball so that Defense Department cyber defense units can deploy it to the field, and then upon their return, pool the devices’ data into a data lake for analysis and machine learning in GovCloud.
“You always will need some kind of device at the edge,” Ryland states. “Ones that are deployed from and returned to the cloud are a very powerful model. You have massive data analytics, machine learning and cybersecurity all together.”
He adds that AWS is piloting several other Snowball use cases with the military. Applications may encompass forward-deployed situations, including ships and aircraft that may need to move large amounts of data around diverse locations. Again, Ryland notes, innovative users may develop new applications for the technology.