Storm Clouds: Parallels between the Cloud and Shadow Banking
BackThink about the 2008 banking crisis for a moment now. The meltdown was characterized by a lot of bitter politics and confusing economic policy, but across the spectrum there was agreement that some people were taking risks with money that they should not have. Now, which people and which risks and why were all questions open to a debate that still is unresolved, but all putative explanations suggest that cloud computing is threatening to make all the same mistakes over again.
In spite of their obvious differences, cloud computing has a lot in common with banking when it comes to managing valuable resources – data in the former case, and money in the latter. Both banks and clouds offer advanced services, like loans in banks and advanced computing in clouds, that individuals and businesses just cannot manage on their own. Furthermore, banks and clouds let you access your resources from anywhere using an internet connection.
Most importantly, though, they both spread out risk. The potential effect of getting the money under your mattress stolen or having your computer meltdown is high. It is all or nothing. Both banks and the cloud protect your assets by pooling together your resources with others to invest in a cost effective strategy using big safes, security teams, intense network security, etc. It is a pretty fundamental concept: strength in numbers.
This simple model broke down with the banks when banks decided that instead of pooling your resources together to minimize your risk, they would go ahead and use those resources to minimize their risk. They realized that if they gather more and more loans together the probability of them having to take a loss drops dramatically, even if their loans are likely to fail. All they had to do was make sure that the probable returns are greater than the probable losses. The problem with relying on probability, though, is that it only means something probably will happen. With all their money locked up in buying more loans, nobody was ready when a bunch of loans all failed at once and the system came down.
Computing is a lot more like this than people may be willing to give it credit for. There has been plenty of fuss in recent years over protecting data on the cloud from viruses and hacking, but it is rather difficult to find many people talking about the dangers of collecting risk on the cloud.
A cloud is under attack from countless threats at any given time, and the more people uploading and downloading from it, the more it will face; if one of those threats breaks a hole in wall, the chances of another getting through are higher. Google has done a lot to instill faith in its popular cloud's resistance to such a first breach, recently having received a high level certification for its security credentials, but every tech company and its mother is offering cloud services these days. As clouds become as numerous and popular as banks, but still poorly regulated, the risk of bad security practices becoming ubiquitous is increased.
A recently publicized case of cloud malfunction happened to one Wired columnist when a security breach spread like wildfire, destroying basically his entire digital life. Much of the disaster was caused by careless decisions on his part, but it underscores the danger that internet connectivity may pose to clouds. What if a single virus went from cloud to cloud, not resulting in identity theft, but causing serious system failures in every server it touches? If big companies like Google keep their AAA+ security credentials there probably will not be a problem, but there is every reason to believe clouds more interested in making a quick buck will not bother to take the same precautions.
The idea may sound a bit far-fetched, but a global economic meltdown sounded pretty far-fetched to most people in 2007. Today, many of the same things that happened in banking are happening in computing, starting with the fragmentation of risk management. Data is being moved over to third parties, for multiple reasons, separating the people who evaluate risk from the people that have to deal with it. In banking, this meant that the people giving loans were not the same ones who were doling out the money in the end. As history has shown, that was not a good idea.