Cloud computing needs better security, interoperability to live up to hype

If cloud computing is to move beyond the hype cycle, vendors need to put aside their differences and agree on common principles related to security and the interoperability of cloud platforms, a growing number of industry players are saying.

Two events last week demonstrated rising interest in making security a priority and creating an open infrastructure that lets applications and data move freely from one cloud to another.

ING and eBay highlighted a mix of user companies and vendors that announced the formation of the Cloud Security Alliance, saying the delivery of on-demand computing capacity over the Web is putting new demands on security tools.

"The very nature of how businesses use information technology is being transformed by the on-demand cloud computing model," says Dave Cullinane, CISO at eBay. "It is imperative that information security leaders are engaged at this early stage to help assure that the rapid adoption of cloud computing builds in information security best practices without impeding the business."

Separately, a large collection of vendors threw their support behind the Open Cloud Manifesto, which challenges the industry to avoid proprietary technologies that would limit cloud choices. Besides security, the manifesto urges vendors to focus on portability and interoperability of data and applications, governance and management, and metering and monitoring.

Click to see: Chart of various cloud organizations

Customers need to be skeptical, particularly when they are considering sending critical data and applications to cloud providers, says David Snead, an attorney who spoke about legal issues related to virtualization and cloud computing at Sys-Con's Cloud Computing Conference & Expo in New York City last week. Companies such as Amazon do have downtime, and service-level agreements may not guarantee severe penalties, he said.

"There's no such thing as a cloud," Snead said. "Your data is going somewhere. It's going to some infrastructure provider. … Something I don't think a lot of companies understand when they're sending things out to the cloud, is where it's going and what companies are going to stand behind it."

Critical applications such as databases, transaction processing and ERP workloads probably should not be the first ones sent out to the cloud, said Kristof Kloeckner, the cloud computing software chief at IBM. Kloeckner recommended that enterprises just now looking at the cloud choose a few "quick wins" that benefit many employees, but carefully analyze applications with mission-critical requirements before making any decisions. Beyond simply outsourcing, the cloud could provide opportunities for enterprise to start using new workloads, such as high-volume, low-cost analytics, or collaborative business networks, he said.

Controversy over the "open cloud"

Last week's debut of the Open Cloud Manifesto was not without controversy, as Microsoft claimed that an open process was not used to create the document, and that it was asked to sign it without the opportunity to provide feedback or revisions.