I recently attended the GigaOM Structure Europe event in London. It was a great event, with lots of interesting topics, and it was lovely to see some familiar faces. However, I can’t help but feel that we have lost touch of “the cloud” and we are debating about topics that are dated and already happening in the workplace.
Going back to my security roots, I wanted to tune into the ‘Mission not so impossible: A truly secure cloud’ panel with VMware, EMEA CTO, Joe Baguley, Adrienne Hall, GM of Trustworthy Computing at Microsoft and Greg Ferro, Network Architect, CA and GigaOM analyst. What particularly struck me about the debate was how there is still a gulf between how vendors talk about technology and cloud consumers talk about service.
Vendors are still looking after their own needs and not the service offerings they can provide their consumers. The vendors need to start to outline how they can help the customer provide a service and not just focus on the technology, this will be more relevant for cloud providers and their customers and will help to progress the cloud industry forwards.
There are cloud management platforms which helps to bridge the gap between Amazon and VMware, allowing service providers and enterprises to manage and control their entire private, public and hybrid cloud infrastructure from a single interface layer and console.
Another thing which struck me about the debate was the issue of security. Greg Ferro of CA, said that a truly secure cloud doesn’t exist. I can’t help but feel that the security concerns are no different today to that of 5 years ago and we are discussing an old subject. Yes it doesn’t exist, we know that, but what we should be looking at here is the next steps when it comes to security in the cloud.
Gone are the days when security was an excuse for not adopting the cloud, yes it can be daunting, but in today’s world there are so many ways to mitigate risks in the cloud. Security needs to be embedded into the IT infrastructure and should not be seen as a separate entity in the organisation.
Organisations don’t necessarily have a neat hierarchy of support teams, so a flexible approach to security means organisations can match the control to their support structure, basing access on skills within the organisational model. So organisations are always connected to the resources but they can give their users roles and scopes within the virtual infrastructure.
Another issue that was continuously highlighted in the panel was how security within the cloud is perceived. It has the perception of a brick wall, continuously stopping users from accessing IT resources and creating speed bumps to work efficiency. This perception needs to be changed. And the only way this is going to be changed is by building trust and educating the industry about the realities and the real risks.
Organisations need to trust their cloud service providers and feel they are in safe hands. Where does this trust come from? Organisations should seek accreditation or validity from impartial organisational bodies such as the Cloud Industry Forum, who uphold standards within the industry.
With the right platform, organisations can move their resources from the public to private cloud with relative ease. Moving their resources in and out of private cloud and into public, not only promotes flexibility, it also takes away the complexity of using both the public and private cloud. Enabling organisations to easily see where their resources are and have the assurance that they are safe.
Security within the cloud doesn’t have to be a brick wall. Removing the barriers that stop flexibility and simplicity will take the fear out of the cloud; empowering cloud users to have and excerpt freedom of choice and make it easy for them to trust the cloud providers.