By Steve Ranger, 27 April 2009 16:02
There may be a number of unresolved security issues around cloud computing - but if you try to resist the trend you are likely to be shown the door.
This was the claim of Philippe Courtot, chairman and CEO of security company Qualys, speaking at the RSA Conference in San Francisco last week.
"We know that it's getting harder and harder to secure the current computing infrastructure and something has to change. Fundamentally there are too many variables and too many security patches," he said.
"The burden today is on the enterprise - they have to select the components, the servers, the routers and the applications, and to add insult to injury they have to secure that."
According to Courtot, the burden of security on organisations is too great, and cloud is potentially the answer.
Proponents of cloud computing often point to the ability it gives businesses to buy services themselves, bypassing the IT organisation, and Courtot warned: "If you resist the move to the cloud you will be replaced. Resistance is not an option."
However, he still sees a role for the internal IT security team: "The security people will have a more strategic role because they will be selecting the correct partners," he said.
The complexity of combining cloud applications with traditionally sourced applications will also secure an important role for IT teams at least in the short term.
CIOs, however, remain sceptical of cloud computing, and recent exclusive research by silicon.com saw it branded this year's most overhyped technology.
According to Courtot, a number of improvements are needed before cloud computing will be able to take off, including the development of more secure browsers, stronger authentication and federated ID in the cloud, secure open protocols and standards, and legal and contractual improvements.

Comments
1. karen challinor
no mention of the minor problem of which country's law applies to the cloud?
for example a company in country A does business with a company in country B and stores transaction records on a cloud server along with using cloud software to manipulate this data and the cloud server physically resides in country C
which country's law applies?
my guess is country C
so what stops country C passing a law that makes it legal for them to inspect the data on the cloud server, assuming they haven't already got such a law, and if they don't agree with what they see well they have effective control of both companies because they have access to the server and can put both companies out of business by denying access to the server
and even if the cloud server is in your own country, say the UK for example, there are tremendous arguments going on about privacy and government snooping at the moment, do you really trust HMG to keep its nose out of a cloud server located in the UK
so never mind simply saying "resistance is not an option" give me cast iron guarantees that my data is secure and safe from the prying eyes of other companies and even governments and further that any such guarantee is proof against government legislation in whichever country the cloud server happens to reside
then I'll think about trusting the day to day running of my company to the cloud
2. Charles Smith
The "Cloud" is nothing new. In the 80s it was called Time Sharing or Computer Bureaus. Since then it has been tidied up a bit, but the fundamental problems are the same.
Can you buy the loyalty of a third party;
What do you do about loss of in-house skill;
Will they love and cherish your data;
Plan for divorce in the pre-nuptial agreement.
3. Guy Reynolds
Following from Karen, what happens if your data is held on a server in country C and the regime suddenly decides that it has issues with freedom of the press etc, and turns off its internet connections to the outside world, or for that matter does it for reason of global domination
4. anonymous
Goodness me. I've been in the IT industry since 1981, and this is the most amazing I-am-bulletproof bring-it-on statement I've ever seen... it's wonderful.
Three wake-up calls:
1. out of sight, out of mind, once the hardware leaves your doorstep you are blind to where it is, and who accesses it, which reflects on Karen's comment; server/storage farm in the USA managed by sys-admin in India/wherever is qualified as data export.
2. trust takes years to develop, nanoseconds to destroy; and you need a mountain of trust with your cloud supplier
3. the salary levels for the IT security bods will be astronomical, as they will be infrastructure, middleware, applications and security superstars - all power to them... whereas you executives will worship the ground they walk on, because without them you are screwed. There's something to be said for devolved expertise and responsibility.
5. Ric Francis
Another bunch of head-in-the-sand reactions from flat earthists ..... it is time that people in the IT industry recognised that it has to move to solve the problems that fast moving technology throws at them and their businesses ..... Perhaps it is why more and more businesses recognise that their IT functions are not aligned with their business goals !!
6. James Strachan
Good grief, "If you resist the move to the cloud you will be replaced. Resistance is not an option." What a wonderful sales technique. Remember no one got fired for buying IBM.
I suppose once all the legal, contract and trust issues have been sorted out, then the cloud may bring a short term silver lining of increased profits etc…but, no doubt that when that cloud bursts or disappears, as all clouds eventually do, bringing floods of tears and pain to the executives and companies having outsourced their life blood to the cloud.
No amount of legal contracts or expensive legal recourse can help if the company or Government goes bang.
Then see the race to bring the infrastructure back in house, but the skills have gone...
Oh dear.
Resistance is a very worthwhile option, until the person offering the service offers their head when it all goes wrong.
Then we will see how good things are.
7. karen challinor
Mr Francis, until you've answered the question then it isn't my head in the sand
hype doesn't equal security, I don't need to know how cheap it is or any other benefits until I know it is secure, without security it isn't worth having no matter what else it does for me
now go and build a cloud model that is secure and we'll think about trusting our life's work and the life's work of those our companies to it and if you can't make a secure cloud model then stop insulting our intelligence by telling us our IT functions are not aligned with our business goals
as other people have said the cloud is nothing new, distributed computing and thin client solutions have been around for years, 'the cloud' is just this with a fancy new name and a ton of hype
now the solution has been around for years so you can bet your a*se we've looked at it long and hard and if we haven't adopted it already then we haven't adopted it for a reason and security is a biggie in the list of reasons