Well, we had the Gartner Symposium in Florida last week. Just looking at the agenda, it’s pretty obvious that the cloud is exercising almost everybody, just by the pure number of sessions that feature in some way or other. Whether it be Saas, PaaS or IaaS, all the vendors came under the micrososcope during the 51 sessions in the Cloud Computing track.
Some of the session-names themselves were interesting:
To be a little contentious, I’d say the big operators today, probably operate more secure environments than the vast majority of their customers. Many organisations don’t really have the budget to operate data-centres which have all the latest security practices and policies applied and implement good physical security. You know - high grass banks, razor wire, security officials, that kind of caper.
A lot of people I talk to say the biggest threat is from subterfuge, espionage, insider-operations and so on: that they like to have their own people looking after their own data. I saw a presentation from a crypto company last week who successfully scared the living daylights out of the attendees because, as he said - “naked data is stored in these vast cloud-operator data-centres”. It just took somebody on the inside with administrative access to the fabric and infrastructure of the system to copy the data and walk off site with it.
The thing is. That’s true in a traditional on-premise data-centre too. It’s only really the economies of scale a criminally minded individual with all the right permissions and privileges can exercise over the pool of data under his control that gets our attention.
But just as in traditional data-centres, cloud operators build their systems in such a way that individuals don’t have unfettered access to all data. The personnel and physical checks (on-shift, off-shift etc) are tougher and more exacting. I think if I was a criminal and I wanted to steal data from say, a bank, I’d go to the bank to get it. To try and find it in a data-centre with 150,000 physical servers or more and goodness knows how many virtual machines is a non-trivial task. Add to that the fact that a bank (as an example) is very unlikely to store its most valuable data in the cloud, it means the value of any data harvested by an imposter working in the data-centre is less than they could get if they worked in the on-premise data-centre of the bank.
I’m reminded of what Neil MacDonald, Gartner analyst said at the Midsize Enterprise Summit – essentially Cloud Security Is Better Than What You Have Today.
I don’t think this means every cloud operator is running a more secure environment than every customer, but I am falling on the side that security operations in the big cloud operators are probably more extensive than in most private data-centres.
Also presented at the symposium was a talk “Will Microsoft and VMware Dominate the Cloud Landscape?”. Michael J. Miller from PC Magazine posted this Gartner graphic in his blog summary of the session, which they presented at the event to show where the emphasis lay in different vendors’ approaches:
For me as a Microsoft employee, with the Cloud a big part of my job, it was heartening to see so much blue on the Microsoft line. It’s really easy, with the focus on MSDN being developers, to forget there is such a wide range of cloud services on offer, or in the case of Windows Intune, in Beta. And then there is the release of the Beta of the re-named/improved/packaged Office 365 which will even include a Microsoft Office Professional Plus license in the monthly subscription.
only time will tell us who is the most secure and who will dominate the cloud landscape (or skyscape). It’ll be interesting though, no matter what happens…