Danger Will Robinson: National “Infrastructure as a Service”

Danger Will RobinsonI was in New Zealand recently, and saw the following article in the New Zealand Herald: “Govt in $2b shake-up of data systems”.  As I read the article, the hairs on the back of my neck went up.  New Zealand hopes to move a significant portion of their Information and Communications Technology (ICT) infrastructure into the cloud.  They call it “Infrastructure as a Service.”  It’s supposed to save money.

New Zealand is a wonderful country, and they have much to be proud of.  They dug themselves out of a significant fiscal crisis in the 1980s – and are not afraid to take innovative and/or draconian measures to address their problems.  The article points out that “Once it is up and running, the Government would be one of the first in the world to adopt an Infrastructure as a Service model.”  Bad, bad idea.

The first time I visited there, I took a picture similar to the one shown above of a geothermal power generation plant and told people that it proved NZ was where the clouds were made!  This is ironic, because one of NZ’s big failures in my opinion was their privatization of the electricity grid.  It is my understanding that Kiwis pay more than 3 times what we pay for electricity, despite having an abundance of hydroelectric and geothermal power available.  The irony today is that a national government-wide cloud strategy may not save money (as the electricity-grid-privatization was supposed to do), but may cost far more than expected.  Furthermore, there is a very real danger that it could cripple the ability of the government to deliver services, and could even threaten NZ’s national sovereignty.

I love cloud computing.  It works.  It saves money.  The promise is that the costs of cloud-based services grow only as the organization’s needs grow and don’t require significant capital investment up front.  You don’t need a large IT staff.  There is protection against obsolescence.  Etc., etc..  But Cloud Computing is not for every organization, and those that adopt it need to understand the risks and true costs involved.

False Economies

I believe that there are often false economies with moving services into the cloud.   If not done correctly, cloud based computing can be like payday loans or rent-to-own services.  I saw one medium-sized organization replace its far-from-perfect time keeping system with a cloud-based CRM system:  $50/month per seat – they replaced a suboptimal system that cost them almost nothing with a different suboptimal solution that cost them about $75K per year.  Then they needed to purchase data conversion services, consulting services and training services from the vendor before it was all up and running.  Those up-front costs were in the $75K-$100K range.

Another thing to keep in mind is that IT projects of any sort typically run over budget and over schedule.  This problem seems to be worse the larger the organization involved.  Governments are notoriously bad about this (probably because they’re spending other peoples’ money).  I’m sure the vendors who bid on this project will spin a pretty good yarn, but for some reason I don’t trust Microsoft, Oracle, IBM, Google, SAP, NetSuite, Amazon, or others to necessarily get it right the first time.  After all, New Zealand would be the first country in the world to attempt to put virtually their entire government IT infrastructure into the cloud.  There is no precedent.

Continuity of Services

Someone once said “the bigger they are, the harder they fall.”  I think that was meant to encourage a small competitor to take on a large competitor.  But in the context of enterprise-wide, or nation-wide cloud computing it takes on a whole new meaning:  Imagine if no government employee could use email, access word-processing documents or spreadsheets.  If that happened for even just a few minutes, it would be devastating.  If it happened for an hour, a day or a week, it would be akin to an earthquake shutting down the entire federal government.

The security of a single ICT cloud-based provider (as opposed to the patchwork of relatively independent systems that probably exists today) should be considered.  A single undiversified system will be more vulnerable to malicious attacks or systemic failures.  Cloud-based systems can be accessed via the global internet, and don’t require physical access to the systems.  This can be addressed via technologies like geolocation and by using sophisticated authorization, access, and directory services – but such technologies create management and user headaches all their own, and often create incentives for employees or external users to short-circuit them. (Think of users that write-down their passwords because the system forced them to change them frequently, or people who install free VPN solutions like hotspotshield to work around geographical internet restrictions).

The problem is that the host system (i.e. the cloud-based ICT) is enormous and a vulnerability can affect the entire infrastructure.  Conventional (non-cloud-based) systems are inherently compartmentalized and heterogeneous.  This isn’t always good, but does help to prevent system-wide failures.  For some reason, the picture of a virtual “Death Star” comes to mind when I think of a nation-wide cloud solution… The bigger they are, the harder they fall.

Sovereignty and Security

New Zealand is not generally in the rest of the world’s crosshairs, but its government does have a duty to protect the country’s sovereignty and to protect its citizens against terrorists, enemy governments and industrial espionage.  Clearly, a system that can be accessed relatively easily via the global internet poses a problem in this respect.  I’m sure that New Zealand will take precautions, but I’m skeptical that they will ever be sufficient with a cloud-based solution – especially for the first country in the world to put virtually their entire government IT infrastructure into the cloud.

This is no idle concern:  Recently it appears that Israel, the US, Germany and Britain colluded to prevent Iran from developing nuclear weapons by using the Stuxnet worm to damage Iran’s centrifuges used for refining nuclear material.  There is evidence that China hijacked about 15% of the world’s internet traffic last April.  There is also suspicion that North Korea has launched a series of experimental cyber-attacks in the past few years against South Korea and the US (interestingly this an asymmetric capability on North Korea’s part, since they have little infrastructure of their own that can be cyber-attacked).  Russia, or at least organized crime based in Russia, is well known for conducting denial of service attacks against other countries that get in its way.  Every country should take this type of threat seriously for its economic, military and civil security.

Another problem with sovereignty is where the data is kept.  I’m sure that New Zealand will take measures to keep the cloud-based data within their own borders.  But if they don’t, the data might be subject to eavesdropping by the US under the Patriot Act, or under similar legal regimens in other countries.  If data is stored in other countries, or even transits other countries as part of the global internet, it will be subject to such snooping and there will be little New Zealand can do about it.  I don’t hesitate for a second to think that China, the US, Russia, Israel, Britain and other countries will use such data for industrial and national espionage activities.

Privacy,  Data Security, Government Abuse

By definition, data is stored outside of the organization when using a cloud-based infrastructure.  New Zealand has strict privacy laws, and I submit that a cloud-based infrastructure will endanger the privacy of peoples’ data:  Economic data, financial data, taxation data, medical data, legal data, vital statistics data, military data, and many other types of data are gathered and controlled by governments.  Part of the unexpected costs of developing a cloud-based infrastructure will be related to protecting the privacy and security of data.  I believe that no matter how hard they try, the government will not succeed in protecting the privacy of citizens’ data in a cloud-based infrastructure of this magnitude.  There will not be physical compartmentalization of data as you get with conventional IT infrastructures.  The cloud-based infrastructure will be a Wikileaks delight!  I wasn’t born yesterday:  I know that there are many safeguards that can be used – but I’ve also been on the inside of many organizations and have seen the damage that disgruntled or greedy employees can wreak, or the danger of unforeseen technological threats.

A final concern I have is that of government abuse.  I believe that the New Zealand government is benevolent, and does not intend to exploit the centrality of the data for any nefarious purpose.  But governments, politicians, law enforcement agents and civil servants sometimes yield to temptation and use powers given to them for unethical and amoral purposes.  Or they “extend” their powers after data is centralized or gathered for seemingly innocent purposes (think of the possible abuses of the Patriot Act in the US for instance).  I think it was Otter from the movie Animal House who put it best:  “You f—ed up, you trusted us!”.Animal House

Use common sense:  Don’t do it

New Zealand currently has an RFP out for its $2b “Infrastructure as a Service” project (see http://www.gets.govt.nz, GETS Ref #31944).  It’s a great country, and I really hope they demonstrate common sense and avoid this debacle.  I don’t have a dog in the fight, but would really like them to perform euthanasia on the idea now.  If they don’t, they should try it on one or two departments first.  Isn’t that the idea behind cloud computing anyway:  Only bite off as much as you can chew?