I'm in Washington DC this week presenting at a cloud computing and virtualization conference for Federal IT professionals. Yesterday, I hosted a 3-hour tutorial on cloud computing security where I presented a recent quote attributed to former Federal CIO, Vivek Kundra. Before leaving his post, Kundra stated, "a lot of people are sort of driving this notion of fear around (cloud) security, and the reason I think that's been amplified, frankly, is because it preserves the status quo.“ I then asked the audience what they thought: Was cloud security real or overstated? While a few hands went up in support of Kundra's statement, most audience members thought that cloud security concerns were very real. This perspective is consistent with recent ESG Research. When asked why public cloud computing was not a part of their organizations' IT strategy, 43% of those surveyed identified "data security/privacy concerns" as the top issue. Why are there such divergent opinions about cloud security? Cloud computing is still fairly immature so there is lots of work ahead to improve cloud segmentation, cloud security controls, information sharing, identity and access management, and security oversight. Nevertheless, I think that cloud computing suffers from another shortcoming -- after several years of hype, users are still really confused about what cloud computing is. Think about it. You've got cloud properties like on demand self service, resource pooling, and rapid elasticity. You've got an ownership model segmentation of private, hybrid, community, and public clouds. Finally, you've got delivery models like IaaS, PaaS, and SaaS (and others created for vendor marketing purposes). A lot more complex than explaining System z, Windows, or even server virtualization. Ultimately, cloud computing isn't described as a new compute platform, it's really a taxonomy. The technology industry is asking its customers to learn a new language -- no wonder why they are confused. After all, how can users be expected to understand cloud security when they don't even understand cloud computing? Cloud computing security issues are real but every time I present on this topic, I have to start by defining exactly what cloud computing is to level set with the audience. After 3 years of cloud computing build-up, this just shouldn't be the case. Note to the technology industry: If you think your customers get it, you're wrong. Therefore, if you want to sell cloud computing products and services, you need to work on education and communication as much as technical innovation.
Technology industry is doing itself a disservice with its complex cloud taxonomy
vShield, Cloud Computing, and the Security IndustryNext Post
GSA Eases Cloud Computing Procurement
A study shows that if the U.S. mandates backdoors to decrypt secret messages, there are hundreds of...
KDE's recently announced Linux distro, KDE Neon, seems like a questionable move that has the potential...
A prominent Linux kernel developer announced today in a blog post that she would step down from her...
As enterprises struggle to keep up with their internal demand for mobile apps, more are turning to more...
Amazon does a great job with infrastructure, but securing your cloud applications and environment is up...
Not quite 2:1 adoption rate for ACI like last fall, but close
When it comes to gripes about IT, CIOs need to go back to basics to address the needs of their most...