Cloud Computing: The Answer Is Blowin' in the Wind
Private clouds. Public clouds. Hybrid clouds. We're being bombarded by those who claim that these are new, revolutionary, and potentially insecure IT configurations which will challenge our notions of data privacy and compliance. Unknowns. Big risks.
To this I say it's all a bunch of hot air. In my humble opinion, private clouds will make as much sense ten years from now as owning your own power plant does today. Every industry goes through broad adoption curves. The IT industry is firmly in the last stages of the move from broad adoption to ubiquity to, ultimately, utility service.
Yes... I'd like a T3 data link, 35 email mailboxes, and 4000 MIPS of server. Oh, and add 1.5 PB of storage...
Press 1 to continue, 2 to change...
Private versus Public
A private cloud is a corporate resource. It may be virtualized, which would be handy to support the doling out of resources. It could be segmented (think Domains, LDOMS, Containers, or a Resource Manager created fair-share slices). It could be stand-alone systems sharing common infrastructure, cooling and floor space. Such a data center would have multiple tenants - owners of specific divisions, projects, or tiers (think production / staging / QA / Testing / Development / Archiving / DR). And if the managers of those resources are clever, they will arrange for a hierarchy of responsibilities, proactive tracking of what each administrator is doing, and good reporting to keep system users, owners, and those who bear ultimate responsibility for uptime informed.
A public cloud is completely different, right? Well, not so much. It is a resource which is leased by a corporation. It may consist of doled-out resources of which some may be virtualized while others may be stand-alone. There are costs associated with the required infrastructure to keep all the bits flowing, processed and stored. And a necessity of any shared environment would be a clear hierarchy of responsibilities, tracking and reporting. There would be the absolute necessity to ensure isolation of users - different firms - just as there would be the necessity of isolating their divisions, projects and tiers. The only real difference is that the administrators of all this rich, fudgy goodness could be geographically located and reporting to different management chains and... wait... no... that's true for private clouds too.
So if a private cloud is a new way to look at, plan or manage corporate resources and if a public cloud is a resource that can be segmented into isolated islands of resources that look, and can be planned and managed as corporate resources, then where is the difference? Where is the risk? That a hypervisor has an inherent exploitable weakness? That a switch has a backdoor by which one VLAN's users can snoop on the traffic of another? Could be. But the serious players and aspiring wannabes in virtualization, cloud computing and "unified infrastructures" will throw all they have at ensuring that such situations never arise. Because they smell blood in the water and want to richly profit by being the winners in this conversion of our industry from enterprise-specific to utility service.
Risk? What Risk?
Aside from ensuring that the software (operating systems, hypervisors, virtual switches, etc.), physical infrastructure and storage you buy, or use within a cloud, are from known, respected, vetted vendors, I'd bet on the security of this environment over what almost any corporate team can throw together. All those vying for your business will do their damnedest to ensure they are not the 'Weakest Link' by which your customers' credit cards or your intellectual property gets harvested and shipped to China. And because they're addressing these needs in software (and, in some cases, hardware), all this security will be cheaper than what you have today... because in the end it's less expensive to solve a problem once and replicate a million times than to pay humans day after day to watch your goodies. So my prediction:
Cloud Security Risks Fade Significantly - 60%
I give our industry better than an even chance of figuring out that despite all the faster hardware, deeper storage and wider switches, it's all about the software. And the best and the brightest are working through these details now. So a year from now... two at most... we'll be thinking about billing and SLAs and DR site sufficiencies, and not about largely solved issues such as public cloud security. Hmmm... that CISSP I earned may not be worth all I thought it was going to be. Drats!