The truth about Cloud security
There are times when it seems as if a rumor gets started and then it grows on itself until we just accept it as a truth. Nobody seems to really question it even though many, including those that quote it, know of its shaky derivation. One that comes to mind is that 70% of development is spent in verification. Nobody even knows if this means number of people, elapsed time, cost or some other measure, but we do know that 70% of something is taken up by this task. Over the past few months another such myth has started to emerge and that is what I want to discuss today. The myth is that nobody will trust their design to the Cloud and this is why EDA in the Cloud has not worked. I wrote a piece just the other day about a new OneSpin effort in which they avoid ever putting the customer design on the cloud, instead only putting small abstractions of it there from which the design cannot be reassembled.
Then I read an article, and I am afraid I do not remember who wrote it or where it was published. It was from a small, independent IP provider and basically said – if someone steals my design, then I take it as a sign that it has value and that I did a good job. I would rather get paid for it, and most of the companies that are reputable will do so, because it is not worth them stealing something and getting caught.
Next I spoke to Mohamed Kassem, an entrepreneur who is constructing a yet to be announced cloud-based semiconductor company. He told me that there is a big difference based on the size of company that you talk to. He said that large semiconductor companies talk a lot about the security of their data and yet they don’t really walk the talk. I will get back to what he meant by that in a minute. However, smaller companies do not have these concerns and issues such as EDA license costs and usability are much larger concerns for them. They would welcome cloud-based systems if it provided them with advantages over the current setup.
There is also an issues regarding small versus large cloud providers. People are more concerned with knowing where their data is located and how it is protected. Some people may have an issue with using Amazon Cloud services and may prefer a small dedicated service provider that makes it very clear how the system is organized and maintained. Others would rather trust a company that is putting it reputation on the line. But this comes back to the point Mohamed was making. He said that most companies IT infrastructure is so badly put together and maintained that it provides less protection than they think. They have a mish-mash of software and versions of software and employees adding all of their own non-approved hardware and software onto machines that hacking into these systems is probably a lot easier than they imagine.
There is a further advantage for several types of suppliers of IP as well. If the data is stored on the cloud and used in the cloud, it actually provides a much easier upgrade, maintenance and control environment compared to the situation today where they have to ship stuff to many customer sites and then have no visibility into how it is used. They can see who access it, uses it and they can track stuff.
So, in the past it has been the large EDA companies that have tried and failed with the Cloud and offering cloud-based services. It may be that their top few customers are concerned about the Cloud and not yet ready to take the leap. Even so, there may be others that would jump at the opportunity if the right services were made available to them. It appears as if it is time for the small guys to take a stab at solving the problem for the masses.
Brian Bailey – keeping you covered
If you liked this feature, and would like to see a weekly or bi-weekly collection of related features delivered directly to your inbox, sign up for the IC Design newsletter.