One of the oft-touted statistical arguments about air travel is that driving to the airport is the most dangerous part of a flight. A variation of that theme was stated by Simon Crosby, CTO of Citrix, in a panel debate over cloud computing and security. As we have noted here, Amazon’s services went down a week ago and – more dangerous still – Sony’s PlayStation gaming network suffered an attack that got information on millions of users.
Crosby admitted that such high-profile problems certainly undermine trust in the technology of cloud computing. Nevertheless, he responded, the event is rather like a plane crash: lots of headlines and recrimination, yet being in an airplane (or the cloud) is still the safest way to travel (or compute). Others are not yet so sure.
First of all, a nice primer and quick history of cloud computing (including an explanation about how it is not as new or as cutting edge as it might seem to the non-techies):
[vimeo]http://vimeo.com/16913034[/vimeo]
The debate was held at the Interop business-tech conference this week in Las Vegas. The participants of the debate (and of the conference) have a vested interest in investing in the cloud, as they provide the software, hardwar, and/or security that will make up said cloud.
Nevertheless, some of those providers are not wanting to puff up an enthusiasm balloon just yet: Ravi Rajogopal, vice president of cloud strategy for CA, listed a number of breaches – most of which did not make the headlines over the last few years. And John Pironti, president of IPArchitects security consultancy, says ‘customers can’t get enough information out of cloud providers to make informed decisions about risk. “Clouds won’t give you transparency,” he says. “You don’t get to see the controls.” Some 90% of breaches that disrupt businesses involve insiders, and cloud providers.’ (Excerpt from Tim Greene’s report on NetworkWorld.com)
One of the issues they discussed is security standards, and efforts are being made. But here too (optimistic) caution might be the best policy. Again, John Pironti: “Criminals seeking to break into clouds laugh at Cloud Security Alliance recommendations about security and at payment card industry standards to protect credit card data. Shared management of customer accounts is the only type of transparency that providers offer, and it isn’t enough.”
But short-term caution should not drive us away from the opportunities, convenience, and (soon) security of cloud computing. For example, we all pretty much expect a seamless experience on the net nowadays, whether we are on a Windows computer using IE 7 or a Mac using the latest version of Firefox. But the standards of the web were not perfect-born from the head of Zeus, and even a few years ago what we could access on the net – and what security we could expect – largely was dictated by the machine and browser we were using.
Indeed, one of the safer and easier ways to establish a cloud for your business, charity, or nonprofit organization is to create a private cloud, rather than depend on a public one (like Amazon’s, though we are not picking on them). Next week we shall look at what some of the advantages and expectations are of a private cloud.
Until then, have a good weekend and happy flying!