Thursday, September 24, 2009

More on Cloud Security


The other day I posted a quick note on Cloud security. As a follow-on to that post the following two articles are worth a read.

eWeek writer Wayne Nash wrote an interesting piece called "Is Cloud Computing Secure? Prove it?"

“Security is not a product that can be purchased,” Dan Kusnetzky, vice president of research operations for The 451 Group said. “It’s a way of life, an implementation of the proper architecture, and the proper selection of tools, programs and procedures. No product that I know of is either secure or insecure. The same is true of the cloud computing environment.”

Over on CloudAve, Krishnan Subramanian proposes that "Cloud Security Needs A Rethink But The Evolution Will Be Slow".

I was going to take out some key points from his last two paragraphs but it's all important so I've included it all here.

This transformation is not going to happen overnight. It is an evolution with too many players in play. There are customers who need a mind shift on how they perceive about the security, there are the cloud service providers who should offer the highest level of security in their infrastructure and, also, build trust with sensible contracts that will add confidence to the enterprise customers (a few red and green dots doesn't cut the slack) and, finally, regulators who should understand the advantages of fast evolving technologies and make the regulations in tune with the technological development. On top of all these things, the cloud technology is still in the early stages and needs to mature further.

Unless we see an evolution on all the above said fronts, it is difficult to visualize a world where public clouds are the only way of life. In fact, even with the evolution of all the above said players, the very fact that the world is diverse and the needs are diverse implies that there will always be some need for the so called private clouds and internal clouds. I do agree that the economics of public clouds will eventually move more and more customers into the public clouds but the evolution will be slow and not complete. There is no point in arguing if private clouds should exist or not. Rather, we should be focusing on developing better standards for interoperability, security, etc. and let the market forces decide on the evolutionary path of the clouds.

ZeroTouch IT Ltd