Good Cloud Privacy and Security must be Cloudy

OK, so what’s Cloudy Privacy? or Cloudy Security? Fair questions.

It is a truism, sometimes forgotten, that Cloud Computing is not first-and-foremost a technology innovation.

Cloud has brought together a lot of innovations from many areas – and packaged them in a new way which innovates the Operations and the Economics of IT.

Innovation of Operations means unparalleled flexibility to bring up (and down) servers, and use storage as much as you need (and no more). The paradigm is of infinite resources, and you’re invited to use as much as you really need.

The Economic innovation is pretty cool too. You pay as you go, monthly or yearly as you please. No need to pay in advance for a big project, just for what you use. When you no longer use it – you give it back.

This is all a really big deal. It is enabled by a bunch of technology innovations from many areas, but its not really a tech innovation per se.

Now look at the fields of Cloud Security and Cloud Privacy.

We have all heard its supposed to be a pain. People (rightly) have asked the question “can Security and Privacy be achieved at all?”. Through many efforts we are beginning to see a list of industry best practices emerge. These are summed up by trade associations such as ENISA and CSA. This is initial, important, work. As it matures the question will be answered in the affirmative.

There is another, related, question which is no less important. Supposing we agree on the best practices – how do you deliver them? Nowadays, when you want to answer privacy and security questions with real solutions, you have to do a project that may involve many months and people of great expertise. This cloud security thing is still in its first stages, and the experts are rare and expensive.

We need best practices – offered so that people can consume them in a Cloudy way. Cloudy means

  • a lot of complex privacy and security technology comes together so we can get the operations and economics right
  • pay as you go
  • privacy and security solutions can be brought up in a reasonable time – not months
  • privacy and security have proper service level guarantees, backed up by a proper SLA (Service Level Agreements) and/or Warranty

The market is not there right now, though there are a number of thoughtful vendors aiming for that goal and showing important progress.

Its also important to ask “does one size fit all?”.  Obviously one person’s ideal solution may not suit another. There will always be room, and a real need, for customized solutions.

Many caveats are still relevant, and much thought, research and hard work is to be done. Yet if we make Cloud Security Cloudy – we will reap the same Cloud benefits of operational flexibility and economic advantage.

Good Cloud Security is Cloudy. Consider that a manifesto.


  1. […] “How AWS helps Porticor deliver Cloudy Security”; our presentation is here. A recent post in these pages defines “Cloudy Security” as the combination of delivering security in […]

  2. […] Porticor was invited. We focused on how to enable best practices on the AWS platform. Porticor does this using a product philosophy which we call “Cloudy Security“. […]

Speak Your Mind