|By Paul Miller||
|August 31, 2009 08:45 AM EDT||
I was talking with Avanade’s Senior Director for Enterprise Security, Ace Swerling, earlier today. The conversation touched on a wide range of security and identity management issues that I’ll probably return to, but one of Ace’s comments brought my attention back to an issue that has been nagging at me for a while.
As I’m sure we all know, security concerns often figure highly in discussions about moving Enterprise applications and data to the Cloud. Indeed, I spoke with other Avanade executives earlier this year to report on a survey they had commissioned that suggested just how significant these concerns can be for potential customers.
In today’s conversation, Ace appeared to agree (as do I) with the frequent assertion that Cloud providers’ own systems will tend to be more secure than those that the majority of potential customers have in-house today. These service providers have their entire reputation riding on their security, it’s absolutely core to their business model, and they can invest in the facilities, procedures and people to get it right. They’re not claiming to be invincible; nothing is. But the good ones should certainly be capable of being as secure as anything else connected to a network.
Which brings me to the ‘problem;’ a data centre like the one in the video below can be physically and virtually secure, equipped with the best hardware, software, procedures and brains that money can buy.
And then you ruin it by letting the customers in.
The customers who open up all the ports you so carefully closed by default. The customers who use ‘password’ as their password. The customers who deploy sloppy code that’s riddled with holes. The customers who, frankly, are just human… and who don’t live and breathe security in the same way that at least someone inside the data centre probably does.
There are plenty of checks, balances and procedures in place to ensure that the idiocy of customer A cannot impact upon the services used by customers B, C, and Z, but what can the data centre do to protect customer A from themselves once they start over-riding default settings and policies?
Maybe, you might say, we should leave customer A to their own devices? If they want to open themselves up to hackers then let them.
The problem, of course, is that Cloud Computing is still pretty new. There are plenty of critics and pundits itching to break the news that “Sun’s Cloud,” “Amazon’s Cloud,” “Microsoft’s Cloud,” or “Google’s Cloud” is clearly not to be trusted because some customer of that Cloud got hacked. It wouldn’t be news if some small startup no one has ever heard of was hacked. It most certainly would be if they were hosted on EC2, unfair as that might seem.
“Amazon Cloud insecure,” the headlines would scream. Werner Vogels could argue forever that the customer ignored safeguards and contravened best practice, but who would be listening? The stock would tank, IBM and VMware would subtly massage their marketing collateral to emphasise their on-premise innovations and downplay the new-fangled Cloud stuff they’ve been talking about in recent months.
So, I wonder, which will be the first big Cloud provider to turn the tables on the customer? Sure, Cloud providers will still be measured on how secure they are… but maybe they’ll start asking questions about how secure their potential customers are, before letting them in the door. Health metaphors might be used, arguing that those without the necessary immunisations and vaccinations put innocent third parties at risk. In talking it through with Ace he suggested a motoring metaphor, pointing out that manufacturer and dealer warranties are void if the customer doesn’t do their part in ensuring that the car is properly maintained and regularly serviced.
It could actually be quite an easy proposition to sell to many current and potential customers; and maybe you could even provide discounts to those who scored highly in some notional assessment of their securedness.
What would such a relationship between customer and provider look like, would it divert the heat from the service provider when things beyond their control do go wrong, and who is going to make this move first?
Maybe, as the Cloud gets big enough to be serious business, the days of simply letting anyone with a credit card into the data centre are numbered?
Related articles by Zemanta
- The Cloud Isn’t Safe?! (Or Did Black Hat Just Scare Us?) (readwriteweb.com)
- The Three Biggest Tech Barriers to Cloud Computing (java.sys-con.com)
- Microsoft’s Ozzie Says Cloud Services Will Yield Lower Margins (businessweek.com)
- The tech jobs that the cloud will eliminate (computerworld.com)
- SaaS Vendors Target Enterprises Using Private Clouds (cloudave.com)
- Novell aims to tighten cloud security (news.zdnet.com)
- Unisys Looks to Safely Move Business Apps to the Cloud (techcrunchit.com)
- Security Guidance for Critical Areas of Cloud Computing (elasticvapor.com)
- Shaking that false sense of (IT) security (news.zdnet.com)
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
Dec. 10, 2016 07:00 PM EST Reads: 4,118
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
Dec. 10, 2016 06:45 PM EST Reads: 1,070
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
Dec. 10, 2016 06:30 PM EST Reads: 1,936
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
Dec. 10, 2016 06:30 PM EST Reads: 1,515
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2017 New York. The 20th Cloud Expo and 7th @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, NY. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Internet to enable us all to im...
Dec. 10, 2016 06:30 PM EST Reads: 992
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
Dec. 10, 2016 06:15 PM EST Reads: 1,043
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Dec. 10, 2016 05:30 PM EST Reads: 972
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
Dec. 10, 2016 05:15 PM EST Reads: 2,350
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Dec. 10, 2016 05:15 PM EST Reads: 1,391
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
Dec. 10, 2016 04:30 PM EST Reads: 1,809
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
Dec. 10, 2016 04:30 PM EST Reads: 1,898
Cloud Expo, Inc. has announced today that Andi Mann returns to 'DevOps at Cloud Expo 2017' as Conference Chair The @DevOpsSummit at Cloud Expo will take place on June 6-8, 2017, at the Javits Center in New York City, NY. "DevOps is set to be one of the most profound disruptions to hit IT in decades," said Andi Mann. "It is a natural extension of cloud computing, and I have seen both firsthand and in independent research the fantastic results DevOps delivers. So I am excited to help the great t...
Dec. 10, 2016 03:45 PM EST Reads: 899
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Dec. 10, 2016 03:30 PM EST Reads: 914
If you haven’t heard yet, CollabNet just put out some very big news for managing and gaining value from DevOps. We introduced CollabNet DevOps Lifecycle Manager (DLM) — a platform designed exclusively for providing a single pane of glass, dashboard, and traceability views across your DevOps toolchain and processes from planning to operations and that can be traced back to planning and development.
Dec. 10, 2016 02:45 PM EST Reads: 925
"Venafi has a platform that allows you to manage, centralize and automate the complete life cycle of keys and certificates within the organization," explained Gina Osmond, Sr. Field Marketing Manager at Venafi, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Dec. 10, 2016 02:45 PM EST Reads: 1,243
@DevOpsSummit taking place June 6-8, 2017 at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @DevOpsSummit at Cloud Expo New York Call for Papers is now open.
Dec. 10, 2016 02:30 PM EST Reads: 2,056
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry’s single source for the cloud. Fusion’s advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including cloud...
Dec. 10, 2016 01:45 PM EST Reads: 737
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, discussed how VPaaS enables you to move fast, creating scalable video experiences that reach your aud...
Dec. 10, 2016 01:00 PM EST Reads: 416
Regulatory requirements exist to promote the controlled sharing of information, while protecting the privacy and/or security of the information. Regulations for each type of information have their own set of rules, policies, and guidelines. Cloud Service Providers (CSP) are faced with increasing demand for services at decreasing prices. Demonstrating and maintaining compliance with regulations is a nontrivial task and doing so against numerous sets of regulatory requirements can be daunting task...
Dec. 10, 2016 01:00 PM EST Reads: 1,256
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Dec. 10, 2016 12:45 PM EST Reads: 2,147