I was reading up today on an interesting story around SpotCloud. Not sure you have heard of this yet, but it is a commodity marketplace set up to buy and sell excess cloud capacity. It is brought to us by Enomaly, the makers of the Elastic Computing Platform (ECP). Putting aside for a moment whether the cloud market is mature enough to support a commodity-type spot market (I didn’t think so, but maybe I am wrong), I wanted to focus on what are the security implications (what a surprise) of this new service.
SpotCloud right now only offers spot market services to buyers and sellers who use the Enomaly ECP IaaS platform. Having this on a monolithic platform makes for greater uniformity and easier administration, including perhaps a standard best practices for security. However, according to the website they are going to expand to more IaaS platforms soon.
So again for the moment, lets assume there is a big enough, mature enough market for a cloud commodity spot market. What about the security for these VM sessions being purchased. Buyers can buy VM sessions across multiple providers in SpotCloud. Will the security options be uniform? Will they at least be equivalent? Won’t it be a nightmare to install different security solutions at each cloud provider? Especially since many of the users of SpotCloud will only use their VM for a short period of time.
This is what the SpotCloud FAQ says about security:
How do I secure my SpotCloud VM?
User access to VM should be disabled for increased security. The VM package is typically configured to automatically boot, self configure itself and phone home without the need for direct OS access. VM examples available.
Can I trust the Buyers or Sellers?
We fully vet all market participants.
Are there any SLA’s, support or guarantees?
No, to keep the costs as low as possible the service is offered without any SLA, direct support or guarantees. We may offer support in the future. Although we do have a phone and are more than happy to talk to you. 416.848.6036.
I don’t know about you, but this does not inspire me. User access to VM should be disabled? That is how I secure my VM? But not to worry both buyers and sellers are fully vetted? Hey even the White House lets a few losers sneak by in their vetting process, what makes you think Enomaly will do any better? But don’t worry if a bad apple sneaks by and something happens there are no SLA’s , support or guarantees. Again doesn’t exactly give the warm and fuzzy feeling to go out and trust this.
Maybe I am wrong. Maybe I am missing something. Maybe the cloud market is mature enough to support a commodity spot market. Maybe people won’t care about the security, believe in the vetting process and not care about SLAs and such. Hey maybe they can get a few ex-Enron guys to help run it. On the other hand, maybe I am not wrong and this is an idea whose time has not yet come. Unless I could hear more about security, I think there might be better commodities to invest in.
- SpotCloud, the First Clearinghouse at Marketplace for Cloud Computing Services, Launched by Enomaly (prweb.com)
- Is There a Need for a Cloud Spot Market? Enomaly Thinks So (diversity.net.nz)
- Enomaly, Autonomic Resources, Carpathia, and Dell Win US Federal IaaS Cloud Contract (elasticvapor.com)
- SpotCloud: It’s a Market, Not a Cloud (nytimes.com)
- Cloud Market Lets Users Buy Cheap Excess Compute Power (pcworld.com)
- The Debate About a Cloud Service in the Spirit of Hotwire.com (readwriteweb.com)
- Introducing SpotCloud, The First Clearinghouse & Marketplace for Cloud Computing Services (elasticvapor.com)
- Can SpotCloud Gain Traction? (cloudave.com)