Security and Cloud Computing are strange bedfellows. Cloud security is too immature
Her'e's Mateen (or Marteen - they've spelt it both ways) Greenway, HP Fellow, on the immaturity of the cloud computing model.
As sightings of the
Face of Jesus in the Cloud
become more frequent, we thought it was time someone carried out a maturity audit on Cloud Computing.
Is this model insecure? Mateen Greenway seems to think so. He should know, he's a Fellow of HP Enterprise Services, specialising in defence, security, government and healthcare.
"This is a complex question," says Greenway. "The whole cloud security area is very immature today."
He intends to simplify matters for us. "One simple model to use is that cloud uses lots of small IT components from a large shared pool to deliver a total service to a customer. If a few, or even a lot, of the components fail then in the Cloud more components will be pulled from the pool to keep the service at its agreed level."
"So there should be no interruption in the service. In the traditional IT model you own the right amount of hardware to deliver your needs, so if something fails your service degrades or fails completely. To solve this you need a DR site with extra capacity," he says.
Er, yes, that's all very well, but we asked you about security!
"The security issue gets you into the discussion of the difference between private and public cloud. If data is not stored on local devices, losing a laptop does not lose the data, they say. While this is true this is more related to centralised data storage than cloud computing.
"We need a new security model to deal with data seperated from applications as this is potentially a new model," he warns.
So we need a new model for security before making a blind leap of faith into the cloud. That's worrying.
This was first published in April 2011