Elastic Security

Yesterday i did a talk on cloud security (in french) at the Forum Aristote. I enjoyed several nice presentations and discussions about  very concrete customer usecases and needs that contributed to questions like:

• Are there real customers considering the public cloud?
• Are customers attracted by the idea of cloud cloudcomputing or just being puzzled by the marketing hype?

The discussions I had yesterday gave me the impression of a growing consensus about the use of private clouds for critical information, and the use of public clouds for non-sensitive data and applications. That leads to the question what kind of applications are actually addressed by security features in public clouds – e.g.  Amazon VPC? VPC surely does not give answers to all security concerns, but does it help at least to move more applications into the public cloud?

It is also clear that customers are getting used to the concepts of outsourcing as well as SaaS. Most of them even believe that virtualization security is possible and side-channel attacks in multi-tenant setups have more theoretical than practical impact. So, what’s actually missing?

• More trust on cloud providers (especially public IaaS)
• A change of attitude that doesn’t resist to change by principle
• More knowledge, experience, and cloud success stories

Is cloud adoption captured in a vicious cycle? How to break out of it? I think this mainly depends on the evolution of the offers and the trust building measures of the large providers with regard to compliance, auditing, and security. But there are still far too many remaining and open questions. Feedback welcome!

Filed under: Discussions, Aristote Forum