Here they are, enjoy
December 18, 2009 • 13:12 0
Here they are, enjoy
December 18, 2009 • 12:53 2
Yesterday i did a talk on cloud security (in french) at the Forum Aristote. I enjoyed several nice presentations and discussions about very concrete customer usecases and needs that contributed to questions like:
The discussions I had yesterday gave me the impression of a growing consensus about the use of private clouds for critical information, and the use of public clouds for non-sensitive data and applications. That leads to the question what kind of applications are actually addressed by security features in public clouds – e.g. Amazon VPC? VPC surely does not give answers to all security concerns, but does it help at least to move more applications into the public cloud?
It is also clear that customers are getting used to the concepts of outsourcing as well as SaaS. Most of them even believe that virtualization security is possible and side-channel attacks in multi-tenant setups have more theoretical than practical impact. So, what’s actually missing?
Is cloud adoption captured in a vicious cycle? How to break out of it? I think this mainly depends on the evolution of the offers and the trust building measures of the large providers with regard to compliance, auditing, and security. But there are still far too many remaining and open questions. Feedback welcome!
December 9, 2009 • 16:08 1
Next week (the 15th December), I’m going to give a talk about cloud security on the “Public, Private & Hybrid Clouds” BrightTalk Summit. There are surprisingly many talks that focus on cloud (in)security – although after all it isn’t too surprising given the fact that security is the key issue when comparing public against private cloud infrastructures.
Guy Churchward, LogLogic CEO did an interesting post on this subject and Gartner defends that private is the way to go. I am wondering if this opinion has become a consensus or if there are still public (sic!) defenders of the public cloud? I hope that the users of Amazon EC2 and Salesforce raise their voice and that we find more use cases than the usual ones like testing, not sensitive data, marketing campaigns, non-critical business processes and so on.
I think we can associate the threats and risks of cloud computing with the following root causes (admittedly this is a simplification):
Private clouds solve the first two: (1) they increase trust and allow full visibility and control over the infrastructure and (2) they are not exposed to side channel attacks. Hope to interact with you at the summit and if you already have a favorite topic or questions on the subject do not hesitate to drop a comment. I might include it in the presentation.
December 2, 2009 • 22:19 3
Yesterday I attended CloudStorm in Paris. The idea behind this series of events is to give solution providers in the Cloud Computing space the possibility to present their products in front of potential customers and establish contacts with potential partners and customers.
My expectations of the event were to get an impression of the state of the art in the cloud computing space: what kind of companies are migrating to the cloud? What are they looking for? What are the major obstacles of adoption? What business models are valid and popular? Which role do security concerns play in the adoption of cloud computing? What problems are still not solved?
My impressions were the following: The solution range went from SaaS providers (collaboration, project management, enterprise communication, and catalogue production) over infrastructure software and service providers (targeting service integration, cloud storage systems, or private cloud creation) to a service provider actually using cloud technology to implement his service offer. The only large global player represented was Sun Microsystems.
While this multiplicity of players represent very well the actual confusion around the term Cloud Computing, I am not convinced if it really helped the solution providers to talk to people particularly interested in their problem space.
The event also included three panels targeting three different topics. The panel “Creating a Startup” discussed the challenges of being entrepreneur in the software domain (not really specific to cloud computing). The panel “Scalability Aspects” concluded that scaling a business is at least as difficult as to scale a web-application. The panel “Selling Cloud Solutions” stated that the simplicity of the business model makes applications based on utility computing easier to sell than traditional software and allows to gain better feedback on the customer’s problems and thus solve them faster. While the panels had interesting topics and consisted of competent people, time was simply too short to provide deeper insights.
I would be interested to know how the solution providers perceived the event and hear their opinion on the helpfulness and impact of the Cloudstorm format.