Cloud security today - a snapshot

4 views
Skip to first unread message

Gilad Parann-Nissany

unread,
Nov 24, 2009, 10:15:08 AM11/24/09
to cloud-c...@googlegroups.com
Hi cloud-computing folks.

I pulled together a few thoughts on the current state of the topic and would appreciate constructive criticism and feedback. I did not especially intend to be controversial, but if anyone does find this controversial - feel free to criticize. I am interested in your views and feedback.

-------------------------------------------------------------------

Cloud security is a topic in the formative stage. The most important thing right now - so many people realize there is a problem and are working on solutions.

Do a Google search for "cloud computing security". There are too many articles & posts right now with a title like "the 5 things to think about" and too few articles & posts with a title like "here is the solution to problem XYZ".

This reflects current perceptions and realities. We, as an industry, are long on questions and short (yet) on the answers.

Enterprise customers of all sizes (small, medium and large) have taken to the cloud in a very gratifying way, and intend to continue doing so. Some 25% intend to do concrete projects and put these projects in the cloud, going to production with an external cloud provider. These are amazing numbers, given the newness of the cloud approach.

The attraction is economics and operations, Cloud computing is very attractive economically, transforming up-front capital expenses into "pay as you go" operational expenses. Customers like this, and want to go in this direction.

But these same customers say Security and Privacy are their top concerns when going to the cloud. They will choose their projects carefully, with this in mind.

What will the solutions look like? The solutions will have to reflect the nature of the topic.

Cloud computing is not purely a technological invention. It is an aggregation of many technical inventions that have been around for some time, and have reached critical mass. In a few places there really is new tech - for example in "No Sql" distributed databases. In many places we see old tech used in new ways. The big invention is the operational model; its all about using the internet, virtualization, large-scale hosting and commodity products in a new and different way.

Security offerings in this space must take these realities into account. It will be interesting to watch how things evolve, in a space where the invention has a strong operational taste.

At the same time, industry groups like Cloud Security Alliance (CSA: http://www.cloudsecurityalliance.org/) are trying to gel a consensus on what security means within this new operational model. This is a fascinating discussion which may well lead to best practices and standards.

We live in interesting times.

Regards
Gilad
__________________
Gilad Parann-Nissany
CEO, Founder
http://www.porticor.com/
Reply all
Reply to author
Forward
0 new messages