Elastic Security


Security for the Cloud

Slides of the BrightTalk summit on Public, Private & Hybrid Clouds

Here they are, enjoy

Filed under: BrightTalk Summit, Discussions, Presentations

Some Thoughts on Cloud Adoption

Yesterday I did a talk on cloud security (in French) at the Forum Aristote. I enjoyed several nice presentations and discussions about very concrete customer use cases and needs that contributed to questions like:

  • Are there real customers considering the public cloud?
  • Are customers attracted by the idea of cloud computing or just puzzled by the marketing hype?

The discussions I had yesterday gave me the impression of a growing consensus about the use of private clouds for critical information, and the use of public clouds for non-sensitive data and applications. That leads to the question of what kind of applications are actually addressed by security features in public clouds – e.g. Amazon VPC? VPC surely does not give answers to all security concerns, but does it help at least to move more applications into the public cloud?

It is also clear that customers are getting used to the concepts of outsourcing as well as SaaS. Most of them even believe that virtualization security is possible and side-channel attacks in multi-tenant setups have more theoretical than practical impact. So, what’s actually missing?

  • More trust in cloud providers (especially public IaaS)
  • A change of attitude that doesn’t resist change on principle
  • More knowledge, experience, and cloud success stories

Is cloud adoption caught in a vicious cycle? How to break out of it? I think this mainly depends on the evolution of the offers and the trust-building measures of the large providers with regard to compliance, auditing, and security. But there are still far too many open questions. Feedback welcome!

Filed under: Discussions

Public vs Private clouds

Next week (the 15th December), I’m going to give a talk about cloud security at the “Public, Private & Hybrid Clouds” BrightTalk Summit. There are surprisingly many talks that focus on cloud (in)security – although after all it isn’t too surprising given the fact that security is the key issue when comparing public against private cloud infrastructures.

Guy Churchward, LogLogic CEO, did an interesting post on this subject and Gartner maintains that private is the way to go. I am wondering if this opinion has become a consensus or if there are still public (sic!) defenders of the public cloud? I hope that the users of Amazon EC2 and Salesforce raise their voice and that we find more use cases than the usual ones like testing, non-sensitive data, marketing campaigns, non-critical business processes and so on.

I think we can associate the threats and risks of cloud computing with the following root causes (admittedly this is a simplification):

  1. outsourcing
  2. resource sharing
  3. virtualization
  4. infrastructure volatility

Private clouds solve the first two: (1) they increase trust and allow full visibility and control over the infrastructure and (2) they are not exposed to side-channel attacks. Hope to interact with you at the summit and if you already have a favorite topic or questions on the subject do not hesitate to drop a comment. I might include it in the presentation.

Filed under: BrightTalk Summit, Discussions

Impressions from CloudStorm Paris

Yesterday I attended CloudStorm in Paris. The idea behind this series of events is to give solution providers in the Cloud Computing space the possibility to present their products in front of potential customers and establish contacts with potential partners and customers.

My expectations of the event were to get an impression of the state of the art in the cloud computing space: what kind of companies are migrating to the cloud? What are they looking for? What are the major obstacles of adoption? What business models are valid and popular? Which role do security concerns play in the adoption of cloud computing? What problems are still not solved?

My impressions were the following: The solution range went from SaaS providers (collaboration, project management, enterprise communication, and catalogue production) over infrastructure software and service providers (targeting service integration, cloud storage systems, or private cloud creation) to a service provider actually using cloud technology to implement his service offer. The only large global player represented was Sun Microsystems.

While this multiplicity of players represents very well the actual confusion around the term Cloud Computing, I am not convinced that it really helped the solution providers to talk to people particularly interested in their problem space.

The event also included three panels targeting three different topics. The panel “Creating a Startup” discussed the challenges of being an entrepreneur in the software domain (not really specific to cloud computing). The panel “Scalability Aspects” concluded that scaling a business is at least as difficult as scaling a web application. The panel “Selling Cloud Solutions” stated that the simplicity of the business model makes applications based on utility computing easier to sell than traditional software and makes it possible to gain better feedback on the customer’s problems and thus solve them faster. While the panels had interesting topics and consisted of competent people, time was simply too short to provide deeper insights.

I would be interested to know how the solution providers perceived the event and hear their opinion on the helpfulness and impact of the CloudStorm format.

Filed under: CloudStorm
