Our new start-up, Porticor, is forming up. If you’ve followed us, you’ll know we are working in the cloud security area. You’ll also know we are in stealth mode. So I will not talk yet about the specifics of what Porticor does.
Cloud security is itself in the formative stage. The most important thing right now – so many people realize there is a problem and are working on solutions.
Do a Google search for “cloud computing security”. There are too many articles & posts right now with a title like “the 5 things to think about” and too few articles & posts with a title like “here is the solution to problem XYZ”.
This reflects current perceptions and realities. We, as an industry, are long on questions and short (yet) on the answers.
Enterprise customers of all sizes (small, medium and large) have taken to the cloud in a very gratifying way, and intend to continue doing so. Some 25% intend to do concrete projects and put these projects in the cloud, going to production with an external cloud provider. These are amazing numbers, given the newness of the cloud approach.
The attraction is economics and operations, Cloud computing is very attractive economically, transforming up-front capital expenses into “pay as you go” operational expenses. Customers like this, and want to go in this direction.
But these same customers say Security and Privacy are their top concerns when going to the cloud. They will choose their projects carefully, with this in mind.
What will the solutions look like? The solutions will have to reflect the nature of the topic.
Cloud computing is not purely a technological invention. It is an aggregation of many technical inventions that have been around for some time, and have reached critical mass. In a few places there really is new tech – for example in “No Sql” distributed databases. In many places we see old tech used in new ways. The big invention is the operational model; its all about using the internet, virtualization, large-scale hosting and commodity products in a new and different way.
Security offerings in this space must take these realities into account. It will be interesting to watch how things evolve, in a space where the really new invention is not technical but operational.
At the same time, industry groups like Cloud Security Alliance (CSA: http://www.cloudsecurityalliance.org/) are trying to gel a consensus on what security means within this new operational model. This is a fascinating discussion which may well lead to best practices and standards.
We live in interesting times.