Hi cloud-computing folks.
I pulled together a few thoughts on the current state of the topic and would appreciate constructive criticism and feedback. I did not especially intend to be controversial, but if anyone does find this controversial - feel free to criticize. I am interested in your views and feedback.
-------------------------------------------------------------------
Cloud security is a topic in the formative stage. The most important
thing right now - so many people realize there is a problem and are
working on solutions.
Do a Google search for "cloud computing security". There are too many
articles & posts right now with a title like "the 5 things to think
about" and too few articles & posts with a title like "here is the
solution to problem XYZ".
This reflects current perceptions and realities. We, as an industry, are long on questions and short (yet) on the answers.
Enterprise customers of all sizes (small, medium and large) have taken
to the cloud in a very gratifying way, and intend to continue doing so.
Some 25% intend to do concrete projects and put these projects in the
cloud, going to
production with an
external cloud provider. These are amazing numbers, given the newness of the cloud approach.
The attraction is economics and operations, Cloud computing is very
attractive economically, transforming up-front capital expenses into
"pay as you go" operational expenses. Customers like this, and want to
go in this direction.
But these same customers say Security and Privacy are their top
concerns when going to the cloud. They will choose their projects
carefully, with this in mind.
What will the solutions look like? The solutions will have to reflect the nature of the topic.
Cloud computing is not purely a technological invention. It is an
aggregation of many technical inventions that have been around for some
time, and have reached critical mass. In a few places there really is
new tech - for example in "No Sql" distributed databases. In many
places we see old tech used in new ways. The big invention is the
operational model; its all about using the internet, virtualization,
large-scale hosting and commodity products in a new and different way.
Security offerings in this space must take these realities into
account. It will be interesting to watch how things evolve, in a space where the invention has a strong operational taste.
At the same time, industry groups like Cloud Security Alliance (CSA:
http://www.cloudsecurityalliance.org/) are trying to gel a consensus on
what security means within this new operational model. This is a
fascinating discussion which may well lead to best practices and
standards.
We live in interesting times.
Regards
Gilad
__________________
Gilad Parann-Nissany
CEO, Founder
http://www.porticor.com/