Yesterday, I attended CloudCamp in Frankfurt. My overall impressions: professional organisation, funny location (the film-museum in Frankfurt), great people, a large variety of topics, and a couple of highly interesting presentations. And most of all: good discussions! Thanks to the organisers and sponsors of this great event!
Among my personal highlights was the presentation of Uri Budnik from RightScale, who gave insights into how infrastructure services such as Amazon EC2 are actually used today. Not only startups or Facebook application providers, as in the beginning, but also Fortune 500 companies are discovering the cloud and moving IT services into the public space.
I also liked the presentation of Bernd Becker from Siemens, who has a decade of experience as an Application Service Provider (ASP), which is actually the predecessor of cloud-computing. The fact that cloud-computing emerged from the consumer space and is not designed for enterprises from the very beginning will have an impact on the security architecture and raises questions related to security, auditing and proving resource usage.
Tom Cole stressed the growing importance of identity management and security with the rising popularity of SaaS usage.
Sam Johnston talked about the Open Cloud Initiative, whose goal is to define and protect the Open Cloud, including everybody’s right to access his data in the cloud via open interfaces in open data formats. Great initiative!
Panel about Private Clouds
The questions and discussions in the unpanel-session were primarily about the importance and justification of private clouds, i.e. cloud computing services built upon the internal infrastructure of an enterprise. The range of opinions was wide: “private clouds are not much more than the consequent use of virtualization technology” – “private clouds are an evolutionary yet transitional step between internal IT management of today and (public) cloud-based IT management of tomorrow” – “private clouds will always be the first choice for applications with mission-critical data or use cases with small delay and response time requirements”.
I noted a couple of good questions in this workshop. We plan to address some of them in upcoming blog-posts. If you are a workshop participant and you think I forgot something important, please let me know in the comments!
- Aren’t private or hybrid clouds (including Amazon’s VPC) a sign that the great vision of public clouds is just a chimera? Frankenstein created his monster, but now that it starts walking we see the need to enchain it?
- Are technical security issues just a way to hide the real problems which are: trust and compliance?
- Can compliance follow the speed of technological progress? Examples: how to retrieve business-related information of an employee that quit the company, when the information is stored at Google? In some countries, strong encryption is not allowed – how to secure privacy of data here?
- What new problems appear related to auditing? One example: how does a server know its location and how can we be sure that the location cannot be faked?
- Aren’t most of the security issues for public clouds the same as they already are for hosting?
- What is the difference between a cloud-provider and a bank? Much stronger compliance and auditing!
- Will the right to audit be a key differentiator once the cloud-market gets more mature, pushing companies like Google or Amazon to change their current habits and attitude?
More opinions on CloudCamp Frankfurt 09 here:
Here is the link to the Elastic Security presentation: “Cloud Security: New Problem or New Context?”