Generalisation on private and public cloud combined with a lack of security definition is not promoting trust

News by Dan Raywood

A generalisation on terms when it comes to cloud computing will confuse users when it comes to public and private cloud services.

Guy Churchward, CEO of LogLogic, claimed that the ‘industry has bucketed anything that can be loosely defined as cloud, virtual, consolidatory, or anything on the network in the same term being cloud'.

He welcomed Gartner predictions that ‘IT organisations will spend more money on private cloud computing investments than on offerings from public cloud providers' by 2012, but said that he longed for the day where this nebulous or opaque term can be segmented into public clouds, private clouds and more importantly IT-as-a-Service (ITaaS).

Churchward said: “It has been wrapped up in a pretty bow and proclaimed as ‘cloud' for the convenience of propping up the ‘invisible dog leash' fad-based early start-ups that infest the wannabe public cloud offerings (or so they think).

“There are two primary reasons (amongst many) why the enterprise will not make major strides towards the public cloud – lack of visibility and multi-tenancy issues which cloak the real concern over critical data security.”

Commenting on his claims that the ‘public cloud is opaque', he said that it ‘lacks a level of true accountability that will paralyse any enterprise account from releasing their prized data assets to a set of unknown entities'.

Churchward said: “The public cloud has received so much buzz in large part because it professes to offer significant cost savings over buying, deploying and maintaining an in-house IT infrastructure. While this is massively appealing, it doesn't answer any of the fundamentals of Quality of Service, network and data security to name a few.

“Imagine the concern of opening up your internal systems with a direct pipe into the ‘cloud'. This is the equivalent of leaving your data centre door open, while your data centre adjoins a ‘how to hack systems' symposium.”

He also claimed that multi-tenancy issues will prevent businesses of any real size from making the leap to the public cloud, as many people would be using the same IT assets and infrastructure.

Churchward said: “EC2, Google, etc., provide true multi-tenancy but at what cost to compliance and security? What about hot topics such as PCI or forensics? How safe are the tenants on a system? Who is on the same system as you, a hacker or perhaps your dearest competition? How secure is the isolation between clients? What data have you trusted to this cloud? If you buy the argument, it will be your patient records, payroll, client list, etc. It will be essentially your most important data assets. I have to think this would be a good test of data asset Darwinism.”

He concluded by saying that until the public cloud can provide visibility all the way down to the IT infrastructures, enterprises simply will not risk it. “To be deployed properly, a public cloud needs to understand logs and log management for purposes such as security, business intelligence, IT optimisation, PCI forensics, parsing out billing info, and the list goes on,” said Churchward.

“Until then, in the grand scheme of risk mitigation, enterprises will fear the cloud and per my recommendation, segment public cloud from ITaaS in a private cloud. It's a shame but as we've clubbed all the terms into a single bucket, it turns all the lights red and in fact there's a tremendous value in cloud computing.

“But public clouds and enterprise computing are a world apart and should be treated as such, and there are whole rafts of risks to be considered along the way.”

