It’s time to think about separating the hype from the reality again. Web3, the metaverse, and even cloud computing are being hyped to the point where our irrational focus is hurting the technology we hope to promote. There’s nothing as discrediting to a technology like a good, disastrous, market crash. We could set up such a thing in all three areas. But declaring nonsense as such isn’t enough here; we need to define some sense, so let’s get to it, and let’s take these topics in a sequence that helps our cause.
Cloud computing has, from the first, been presented as the next model of computing overall. Clouds replace data centers, and cloud providers are then the owners of a massive IT revenue stream. There was never a chance this could happen in the near term, and the fact that we’ve chased the view that it not only could happen but was happening has hurt everyone.
I participated in an online webinar on the cloud almost 20 years ago, and it was aimed at the credibility of the “cloud-replaces-data-center” theme, the implicit cloud model of the time. Despite the fact that a publication sponsored it, and despite the fact that probably everyone wanted the conclusion to be that the cloud wins it all, the majority of the users who participated agreed with my position that security and availability were absolute barriers to the cloud replacing the data center. My inputs from enterprises as recently as last month shows that nothing has really changed, but something has been added.
The addition is the cost constraints. Enterprises who use the cloud regularly say that cloud pricing is such that a decision to move their data center applications to the cloud would result in a cost increase of “over three hundred percent” on the average, with some enterprises saying the cloud would cost five times as much, and none saying it would be less than double the current data center cost. Unless the cloud providers radically changed their pricing model, which would kill their own margins, there is no economic incentive for a shift of everything to the cloud.
The cloud model, with some PaaS enhancements, is likely to become the edge model. When it does, it adds importance to a question that some users are already asking, which is just where their virtual resources are realized. Many people pay for geographic specificity in hosting; how do you really know you’re getting it? Most users would care only if some expected benefit of that specificity proved missing; if latency suggested their hosting was further from their users than expected, for example. Some who have content sensitivity to some country regulations might not find out until they discovered that somebody had claimed jurisdiction. The edge could change that.
Edge computing is justified by latency improvements versus traditional cloud, but edge hosting (particularly in the early days) will be more expensive because the resources are sparse at any given location. Would users really be sure they were getting “edge hosting”? Some are already wondering, which demonstrates that when you have something virtual, you can’t be quite sure about the way the virtual thing is realized.
The important thing the cloud has changed is our application model. The cloud has created a new application model, a model where the transaction processing and database analytics have been separated from the user interface or “presentation layer” of an application. The legacy layer focuses on security and database processing. The new layer is more likely to guarantee properties than guarantee geographic placement, which means that even things like cost and security could become properties that you ask for and pay for. However, the cost of getting data-center-like security and cost in the cloud is likely to be problematic, particularly for the next five years or more.
That’s reflected in current cloud reality. Things that don’t actually relate to maintaining corporate data and analyzing it in bulk have shifted to the cloud, which has allowed for data center applications to be dumbed down, or rather not “bulked up” with new features. It’s also supported new GUI-centric OTT-type application growth, and the majority of the things that are said to have “moved” to the cloud are applications written for the cloud and never run in the data center at all. As time passes and applications change, data center applications and cloud usage are evolving to fit this approach.
“Evolving” is the operative point here. A “move-to-the-cloud” decision is a massive shift that impacts both IT cost and information security. Massive shifts with massive impacts don’t do well, except with the media and some vendors. In the real world, preservation of existing investment is the baseline rule, to be bent only as far as real benefits can justify. Let’s look at the other hyped technologies I’ve mentioned—Web3 and metaverse—and see where applying the evolutionary principle can take us.
Almost everything we hear about Web3 is hype, due in no small part to VCs’ launching all manner of Web3 startups and promoting the concept mercilessly. A lot of the talk has been about “decentralization”, meaning the wrestling of “control of the Internet” from a few big tech companies. Whatever people say about it, the real goal of Web3 is to provide a blockchain-based, token-oriented, identity and ownership framework.
If we apply our “evolving” requirement to Web3, what we’d see is that while in theory all entities could offer secure commerce and identity-based services, those most likely to be both offered and credible would come from the same big-tech companies that are now accused (yes, perhaps rightfully) of “controlling” the Internet. You have a Google account, a Microsoft and Amazon account. You might have one or all of them in Web3 form in the future, but other than the benefit of good ink (as they say) for the companies involved, what’s really behind their security and the authenticity of your identity is the companies’ reputations. Can you, from the outside looking in, tell whether these companies are or would be using blockchain? Could you tell if a startup was, and would the fact that they were, or said they were, make them any more secure as a repository for your financial assets or a guarantor of your identity to others?
How many hacks of blockchain repositories have we had? A secure token held by an insecure party is no longer secure. Even identity guarantees are an issue because whoever holds the identity token and validates the identity still has to assure that the token is only referenced by the owner. Hack and “take” the token and you’ve stolen the identity. The framework of Web3 is based, like all commercial frameworks, on trust. Who can we trust with Web3, other than those who we’re trusting with exactly the same thing, but in a different form, today?
Which leads us to the metaverse. Meta is defining the metaverse as an alternative social reality, to the point that they’re setting up rules of approach between avatars to prevent virtual groping. Meta clearly expects that many of the routine functions we carry out in the real world (commerce, of course, at the top of the list) will be supported in the metaverse. Our avatars will represent us in a virtual world that closely maps to the real one, to the point where consequences of things done in the metaverse will have real-world impact.
How many fake social media profiles do you suppose are created? As we “twin” more real-world things into the metaverse, we raise the stakes of impersonation or simple falsification. If you can steal someone’s avatar, have you stolen “them” for all practical purposes? Is the current concept of identity theft a pale shadow of the mischief someone could work? Will Meta, who has failed to police Facebook with regard to identity up to now, suddenly be able to police the metaverse? Bet they’ll call on things like blockchain to validate their new vision, which only makes them vulnerable to the issues of Web3 already noted.
I’ve said in past blogs that the metaverse was, at its heart, about digital twinning of selected real-world elements. In a sense, so is Web3, and in a looser sense even the cloud. Virtual anything is virtual, representational. That makes anything virtual something like a UFO; until one lands in your back yard and presents itself for inspection, you’re free to assign it any characteristics you find convenient. That’s a source of genuine misunderstanding, deliberate hype, and malicious fraud. And fixing it isn’t about technology, it’s about credibility. We know something virtual maps to a specific reality because some credible, familiar, stable, capable-of-being-sued-and-supporting-collection-of-judgment, says it does. Technology can’t provide that because technology is generating what we need to have guaranteed.
Web3 and the metaverse have technical requirements, but they have potential weaknesses that technology can only smear around, make harder to understand and resolve. We’ll need to keep that in mind as these concepts develop, or the security problems we have today will pale into insignificance in comparison to what these “improvements” will generate. Be very careful in these new areas. There are millions who will benefit from having you believe what are objectively lies, and very few who will benefit from telling you the truth.