An alchemists view from the bar

Network Security Alchemy

Archive for May 2009

Thoughts of the cloud – Part one of …… some.

with 3 comments

I (via Sourcefire) recently had the opportunity to present at a could computing security event in Ireland organised by Calyx, unfortunately for me the cloud-specific focus of the event managed to slip past both myself and my colleagues in marketing unnoticed until the day before the event. This forced me to take the audience on an unexpected thirty minute tangent away from the cloud centric content they were expecting (sorry about that), but while I wasn’t talking I was given a great opportunity to witness the confusion that is presented as “The Cloud”.

Clearly cloud-stuff is getting more and more headlines, especially when you link the “C” word together with security.

Each presenter provided a slightly different definition of what cloud computing meant to them (and their marketing departments), but somehow they all managed to agree on key security risks associated with suggestions of …….

  • Dumping mission critical internally hosted services and throwing them into the cloud
  • Placing your “trusted data” in the trust of another “untrusted” party
  • Believing that a cloud provider (SAAS, PAAS, IAAS etc) has a magic ability to look after their systems better than your people look after your systems
  • Burying you head in the sand while shouting “la la la don’t remind me that I’m still accountable for all of this with little to no control!”

Quite correctly none of the presenting vendors offered a silver bullet to solve these issues, and if they had offered one up I’m sure someone in the audience would have called them a liar. Instead they provided intelligent thoughts and opinions to potential workarounds, however I don’t remember them touching on what I see as an important and overlooked point.

Cloud technology will rarely provide a complete migration path, it is most likely to be a technology addition. I won’t go into the justification of my point of view right now, but believe me this is the way I see it. This also means that my non-cloud “Know your network better than your enemy” tangent that I took the audience on is still important. I hope the “C” word moves further along the hype-cycle path to sit somewhere better understood soon.

Earlier today I read Amrit Williams’ wonderfully sarcasm-rich post on a similar subject, I relate to it because it touches on my views of cloud addition. Reading it also reminded me to hit the publish button on this posts draft.



Written by leonward

May 7, 2009 at 1:10 pm

Posted in Security, Sourcefire