The COVID-19 pandemic sent hundreds of millions of students home worldwide. Work from home is now the only option for many. In this crisis, cloud companies suddenly are the backbone of a global virtual learning and collaboration experiment on a scale never previously experienced. While the Internet backbone has long been a lifeline and reached over half the world’s population in 2019, without scalable cloud services, the current disaster would be unimaginably worse.

Fortunately, cloud companies are weathering the pandemic stress-test caused by the sudden spike in workloads and waves of new, inexperienced users. Microsoft reports a 775% spike in cloud services demand from COVID-19.[1] The order of magnitude demand surge has led Microsoft to prioritize COVID-19-related workloads, and place tighter caps on its free cloud service offerings for new users, and admit that its 99.99% uptime availability target has not been maintained at all times and places through the outbreak. But while there have been incidents, there have been no major cloud outages attributable to the pandemic. Basically, for the cloud, COVID-19 is just a busy day at the virtual office. In fact, cloud companies’ confidence in their ability to scale even further to support many more users forced to work and learn from home is so great, that some are offering free collaboration and conferencing services for those impacted by COVID-19, including some promising free services for the remainder of 2020.[2] However, gaps in the multiple layers of cyber and physical infrastructure required to access cloud services are increasingly evident, particularly for low-income families and poorly connected regions, and the suddenly unemployed. Education and training gaps are also exacerbated. Still, the fact that the cloud is working so well will inform future discussions about the ways that cyberphysical infrastructure, the nature of work, learning, and healthcare across the world will co-evolve.  As will its failures, not least in the potential deadly consequences of cyberattacks when under quarantine. Predictably, the growth of cloud -dependence- for daily life has led to an explosion of cybersecurity incidents.

In this crisis, secure cloud architectures are now essential not only for large enterprises and governments, but also for municipalities, small businesses, schools, and home users. In other words, everyone. Protecting against malware and viruses of the computer variety may not appear to be as deadly as COVID-19, but cyberattacks on WHO COVID-19 efforts (fortunately of limited impact, so far) among others could have devastating consequence. A successful ransomware attack on a school, business or hospital could be especially devastating at this time, and potentially, deadly. Syracuse University School of Information Studies cloud to edge research and engagement in a NIST-led public-private partnership to fortify communities’ cloud readiness may now be especially significant. We will discuss our cloud research later, after first reviewing the current cloud market ecosystem.

Amazon’s profits even pre-COVID-19 largely came from its market-leading cloud services. Just 5 companies captured seventy percent of the revenue in the 2019 $100 billion public cloud market: Amazon Web Services (AWS), Microsoft Azure, Google, IBM and Alibaba. Other global cloud players include Salesforce, Oracle Cloud, Tencent Cloud, Rackspace, VMware – and Netflix. Yes, Netflix is basically a cloud content distribution service, hosted by AWS. The collaboration, conferencing, and digital workplace tools pressed into urgent COVID-19 duty by schools and firms  — including Zoom Video, Slack, Monday, Blackboard, Microsoft Teams, WebEx (owned by Cisco), Canvas, Google Classroom and Hangouts Meet, AnyMeeting, open source Moodle, and Workspace One among others — typically all run on public cloud infrastructure. Both Blackboard and Zoom run on AWS (as do the CIA, ESPN, and Twitter). HP and Adobe rely on Microsoft, while Cisco’s WebEx Contact Centers rely on Tata’s cloud infrastructure. Syracuse University iSchool cybersecurity, privacy, secure cloud architecture and cyberinfrastructure testbed collaborator Splunk is successfully helping its 20,000 customers maintain IT operations, security, and IoT/missions in the present ‘mostly cloud, everyone is remote’ environment. Splunk’s social impact arm Splunk for Good is also pitching in with COVID-19 data dashboards and other resources to help suddenly remote, cloud-serviced workers. [3]

The robustness of the public cloud supporting those now essential tools has been proven in recent weeks. It is difficult to conceive of the scale of these companies’ data centers, with Microsoft alone operating over 50 compute zones around the world, where workloads can be dynamically reassigned, while AWS has more than 70 such entities. The complexity of managing them is significant. For example, if a data center has 2500 racks at 750 disk drives per rack and disk drives fail at about 2% annually, then a medium-sized (50 MW) data center will see an average of 100 failed drives every 24 hours, or one every 15 minutes. Power consumption, software updating, and cooling considerations operate at comparable orders of magnitude and are coordinated by cloud management tools from VMware and Red Hat among others. Extreme data center management has evolved into its own specialization to address these challenges. Fortunately, many data center management tasks are fully automated – and managed from the cloud – so personnel required to be onsite is minimal, even in normal times.

In addition to the collaboration apps, another aspect of cloud computing bears directly on the COVID-19 crisis. In the scientific search for vaccines, treatments, and testing, many cloud providers have pledged compute time for researchers working on the virus, as in the example mentioned above of Microsoft prioritizing COVID-19 workloads. Data scientists utilizing machine learning and artificial intelligence tools to contribute to this urgent research, of course, also rely heavily on public cloud resources. Another example of this same effort is the University of Washington’s Foldit site, which is a web-resident video game in which players try to find patterns in protein folding. The site’s participants have uncovered potentially valuable leads into the Corona virus, much as they did with a retrovirus associated with AIDS.

For all these cloud services, many are naturally concerned with privacy and security. Syracuse University faculty co-lead, along with City of Syracuse and American Civil Liberties Union (ACLU) officials, the NIST GCTC SC3 cpSriA ‘Secure Cloud Architecture’ Action Cluster, more formally known as the Smart and Secure Community Challenge (SC3) cloud privacy Security and rights-inclusive Architecture (cpSriA – pronounced ‘Sreea’). The architecture protects communities privacy and security by design. cpSriA Secure Cloud Architecture offers a novel and intuitive ‘red, yellow, green’ data risk classification model, which we believe can be readily understood and implemented by school principals and teachers, city officials and small business operators. Now, we expect moms and dads, and their kids, suddenly made responsible for connecting essential infrastructure from their homes and apartments, may find it helpful to also think or red data they must protect, yellow data they should worry about, and green data (open, public and civic data) hackers are welcome to share as they wish. The architecture builds upon prior NIST Frameworks and standards. cpSriA v0.8 is being submitted to NIST GCTC CPAC for consideration as a smart city and community framework series framework contribution; v0.7 was publicly released in July 2019. [4]

The architecture is designed to build in by design cloud privacy, security, and human and data rights protection, not just for one firm or city government, but rather for entire regions and – all – people living there. This may be especially helpful now. Fortunately, organizations such as the non-profit Adaptable Security, in cooperation with the GCTC public-private partnership, are preparing to offer many tools as well as access to experts, either at free no or cost, to help communities across the country with best practice privacy and security guidance, including for cloud services.

For all the scale of the public cloud providers, and the elastic, scalable applications and services running on them, however, broadband infrastructure to end users varies considerably. For millions of people in the U.S. and many more worldwide, wired high-speed Internet access is an impossibility. Satellite access, while improving rapidly in performance and cost as new satellite constellations are launched and smarter antennas and devices become available, is still generally slow, spotty, and expensive, while 5G cellular is still not widely deployed. (5G itself is basically a bundle of telco cloud services and functions, combined with new radio access technologies, but that is a discussion for another article.)  People without wired or wireless broadband cannot readily access remote health care, online learning, their workplace, or streamed entertainment.

New edge compute tools also require cloud access; fortunately, Syracuse University edgeware research has identified, demonstrated, and tested in the field promising approaches to trustworthy cloud access and immediate connectivity, even where affordable wired and wireless broadband is unavailable.[5] We therefore predict that one outcome of the current crisis will be renewed emphasis on government and other incentives to provide rural broadband — and with improved, sensor and cloud data-aggregated broadband mapping, a discovery that “rural” can fall very close to large population centers. Repurposing of Universal Service Funds to focus on access to broadband, and thus cloud services, is among the readily foreseeable policy consequences for the COVID-19 crisis. In addition to network infrastructure, what are some other barriers to successful remote work, medicine, and learning?

1. Regulations

Many organizations previously prohibited remote access due to security concerns and regulatory obstacles. There are indeed serious cloud vulnerability issues, as the NSA recently highlighted [6] and as we discuss below; but on-premises workplaces themselves suffer no shortage of vulnerabilities and points of cyberattack. Still, the FDA and Centers for Medicare and Medicaid Services, for example, invoked HIPAA and other concerns to constrain telehealth adoption for many years. With hospitals now under siege, keeping doctors and nurses safe while performing their jobs and interacting with patients at a distance whenever possible has suddenly become a priority. Hospital enterprise software quickly adapted to provide both patient information security and new billing codes to address this new reality. Following NIST Frameworks and Guidelines, cloud services can be safe and secure, and protect privacy and other rights. NIST’s Global City Team Challenge, Smart and Secure Cities and Communities public – private partnership has produced actionable guidelines for communities of all scales. For example, the NIST GCTC CPAC (Cybersecurity and Privacy Advisory Committee), which iSchool faculty and Worldwide innovation Technology entrepreneurship club (WiTec) students contribute to, has released risk management guidelines for community public officials and small businesses that is freely available.[7]

2. “Home” is infinitely variable

Whether it is students lacking a modern laptop, or a household lacking broadband access, or the lack of a quiet workspace, working from home may not be practical for everyone. Further, for many victims of abuse of whatever sort, “home” does not equate to safety. With libraries and coffee shops closed, finding safe remote physical space from which to work can be difficult or impossible. Wi-Fi access from library parking lots is an important community service today.

3. Technical literacy and information security awareness

With more people logging in remotely, the risk from home routers, computers, and IoT devices like webcams which may not be well protected from malware, viruses, and other attacks is growing. Not only do these remote workplaces provide openings into personal data (for example, one teacher’s shared Zoom desktop featured a file folder entitled “DIVORCE”), but enterprise networks also must guard against new intrusion vectors. Many people lack the experience or technical help to troubleshoot, monitor, and patch their now critical personal cyberinfrastructure. The NIST GCTC CPAC COVID-19 Task Force, again with Syracuse University participation, will be offering trustworthy guidance during the crisis, intending to reach a wider audience beyond the critical infrastructure, information technology industry and service sector professionals, government employees and municipal officials that in other times were the NIST Cybersecurity and Privacy Advisory Committee’s principal audience. We expect the Task Force will have more to say about its plans and offer some initial guidance for our now virtualized and cloud-operated cities, communities, schools, small businesses, and homes, soon.

4. Teamwork

While the novelty of working or learning in one’s proverbial pajamas may initially seem appealing, there are reasons for co-located work teams. Coordination costs, unit morale, and chance encounters where problems get identified and solved all suffer in purely distributed scenarios. Of course, many in the technology industry or in job functions like sales have long been part of distributed work teams. But the absence of all face to face meetings is disruptive even for experienced tele-workers and is dis-orienting for many thrust unwillingly into a new way of work, living and learning.

5. Business models

Zoom’s stock value is up at a time of plummeting markets, as it is gaining many new users and performing well under COVID-19 crisis conditions. But its privacy practices and reliance on the sale of user data to AdTech providers has been criticized, while ‘Zoombombing’ is a thing. As links may be publicly accessible, Zoombombers often need no hack. While there is no indication Zoom user information is being harvested from sessions, even if it is as confidential as a doctor-patient discussion, compliance to federal privacy guidelines is also not assured. Cisco has been working to monetize teleconferencing for more than a decade, with mixed results. The award-winning Microsoft Teams has been called its best new product in decades – by one of the authors. Still, which cloud services and applications can best sustain reliable performance, a viable business model, and user-friendly interaction for the various remote collaboration markets will become clearer as the crisis unfolds.

What are the long-term effects of this sudden mass discovery of cloud-based collaboration? First, we expect in future smart managers will find the best of both worlds, creating more flexible hybrid models of co-located and distributed work. These new work practices will prove their worth in multiple ways, from increased resilience to better utilization of real estate. Second, education will no longer be segregated into “online” and “physical.” There could conceivably never be a snow day again, if school administrators put their minds to it.

Finally, telehealth has received the kick-start it needed to begin meaningful use and experimentation in protocols, instrumentation, and outcomes measurement and of necessity is expanding far beyond the limited pre-COVID-19 telemedicine adoption levels. “Going to the clinic” will be a meaningfully different experience by 2025, not just in rural Africa but for anyone with a smartphone. Until then, we will see continued co-innovation by incumbents, cloud-native application developers, cloud service, platform and infrastructure providers, and users to discover and build a new set of practices and expectations for navigating this new virtual world. Syracuse University iSchool and its partners will continue to contribute, in among other ways by teaching cloud management and architecture, and blockchain management  as the iSchool has been doing for many years, or through use of learning tools for our own students or researching future cloud to edge cyberphysical infrastructure and systems.

Footnotes

[1] See: Mary Jo Foley, “Microsoft: Cloud services demand up 775 percent; prioritization rules in place due to COVID-19”, ZDNet, March 29, 2020; accessed March 29, 2020 at:  https://www.zdnet.com/article/microsoft-cloud-services-demand-up-775-percent-prioritization-rules-in-place-due-to-COVID-19/

[2] See Gadjo Sevila, “Conferencing Tools from Microsoft Google, Cisco WebEx, Intermedia, are Free for a Limited Time,” PC Mag, March 21, 2020, accessed March 29, 2020 at: https://medium.com/pcmag-access/conferencing-tools-from-microsoft-google-cisco-webex-and-intermedia-are-free-for-a-limited-time-c0c66a632347

[3] For a COVID-19 data dashboard, see:  : https://COVID-19.splunkforgood.com/coronavirus__covid_19_  For more information see: https://www.splunk.com/en_us/blog/leadership/bringing-data-to-COVID-19.html https://www.splunk.com/en_us/solutions/covid19-response-overview.html

[4] Lee McKnight, Kevin Bornatsch, Yusuf Abdul-Qadir, Sam Edelstein, Lan Jenson, (2019) “Secure Cloud Architecture.  Towards a Smart City cloud privacy, Security, and Rights-Inclusive Architecture,” SC3-cpSRIA ACTION CLUSTER BLUEPRINT v0.7 Published by NIST GCTC July 10, 2019 https://ischool.syr.edu/wp-content/uploads/2020/04/CommunityCloudPrivacy.pdf

[5] See for example: Tyson Brooks, Jerry Robinson, Lee McKnight, (2012) ‘Conceptualizing a Secure Wireless Cloud,’ International Journal of Cloud Computing and Services Science (IJ-CLOSER) Vol.1, No.3, August 2012, pp. 89~114; ISSN: 2089-3337; and Lee W McKnight, Danielle T. Smith, Angela Ramnarine-Rieks, , Paul Sujith Rayi, Katcho Kwame, Mathe Eliel, (2020) “Cognitive Cloud to Edge Systems for Remote Real Time Monitoring: CO2 Sensing at Mount Nyiragongo Volcano, Employing the Internet Backpack,” to be presented at IEEE CogSIMA 2020, (IEEE 2020 Conference on Cognitive and Computational Aspects of Situation Management) University of Victoria, British Columbia, Canada.

[6] See Cybersecurity Information, ‘Mitigating Cloud Vulnerabilities,’ National Security Agency,  January 21, 2020; accessed 3.29.200, at: https://media.defense.gov/2020/Jan/22/2002237484/-1/-1/0/CSI-MITIGATING-CLOUD-VULNERABILITIES_20200121.PDF

[7] NIST GCTC SC3 CPAC, (2019) “A Risk Management Approach to Smart City Cybersecurity and Privacy,’   July 10, 2019, https://ischool.syr.edu/wp-content/uploads/2020/04/2019_GCTC-SC3_Cybersecurity_and_Privacy_Advisory_Committee_Guidebook_July_2019.pdf