Welcome!

Cognitive Computing Authors: Liz McMillan, Pat Romanski, Elizabeth White, Yeshim Deniz, Zakia Bouachraoui

Related Topics: Cloud Security, @CloudExpo

Cloud Security: Blog Feed Post

Security and the Cloud

Will focus shift to the customer?

I was talking with Avanade’s Senior Director for Enterprise Security, Ace Swerling, earlier today. The conversation touched on a wide range of security and identity management issues that I’ll probably return to, but one of Ace’s comments brought my attention back to an issue that has been nagging at me for a while.

As I’m sure we all know, security concerns often figure highly in discussions about moving Enterprise applications and data to the Cloud. Indeed, I spoke with other Avanade executives earlier this year to report on a survey they had commissioned that suggested just how significant these concerns can be for potential customers.

In today’s conversation, Ace appeared to agree (as do I) with the frequent assertion that Cloud providers’ own systems will tend to be more secure than those that the majority of potential customers have in-house today. These service providers have their entire reputation riding on their security, it’s absolutely core to their business model, and they can invest in the facilities, procedures and people to get it right. They’re not claiming to be invincible; nothing is. But the good ones should certainly be capable of being as secure as anything else connected to a network.

Which brings me to the ‘problem;’ a data centre like the one in the video below can be physically and virtually secure, equipped with the best hardware, software, procedures and brains that money can buy.

Video of Sun's SuperNAP data centre in Las Vegas

And then you ruin it by letting the customers in.

The customers who open up all the ports you so carefully closed by default. The customers who use ‘password’ as their password. The customers who deploy sloppy code that’s riddled with holes. The customers who, frankly, are just human… and who don’t live and breathe security in the same way that at least someone inside the data centre probably does.

There are plenty of checks, balances and procedures in place to ensure that the idiocy of customer A cannot impact upon the services used by customers B, C, and Z, but what can the data centre do to protect customer A from themselves once they start over-riding default settings and policies?

Maybe, you might say, we should leave customer A to their own devices? If they want to open themselves up to hackers then let them.

The problem, of course, is that Cloud Computing is still pretty new. There are plenty of critics and pundits itching to break the news that “Sun’s Cloud,” “Amazon’s Cloud,” “Microsoft’s Cloud,” or “Google’s Cloud” is clearly not to be trusted because some customer of that Cloud got hacked. It wouldn’t be news if some small startup no one has ever heard of was hacked. It most certainly would be if they were hosted on EC2, unfair as that might seem.

“Amazon Cloud insecure,” the headlines would scream. Werner Vogels could argue forever that the customer ignored safeguards and contravened best practice, but who would be listening? The stock would tank, IBM and VMware would subtly massage their marketing collateral to emphasise their on-premise innovations and downplay the new-fangled Cloud stuff they’ve been talking about in recent months.

So, I wonder, which will be the first big Cloud provider to turn the tables on the customer? Sure, Cloud providers will still be measured on how secure they are… but maybe they’ll start asking questions about how secure their potential customers are, before letting them in the door. Health metaphors might be used, arguing that those without the necessary immunisations and vaccinations put innocent third parties at risk. In talking it through with Ace he suggested a motoring metaphor, pointing out that manufacturer and dealer warranties are void if the customer doesn’t do their part in ensuring that the car is properly maintained and regularly serviced.

It could actually be quite an easy proposition to sell to many current and potential customers; and maybe you could even provide discounts to those who scored highly in some notional assessment of their securedness.

What would such a relationship between customer and provider look like, would it divert the heat from the service provider when things beyond their control do go wrong, and who is going to make this move first?

Maybe, as the Cloud gets big enough to be serious business, the days of simply letting anyone with a credit card into the data centre are numbered?

More Stories By Paul Miller

Paul Miller works at the interface between the worlds of Cloud Computing and the Semantic Web, providing the insights that enable you to exploit the next wave as we approach the World Wide Database.

He blogs at www.cloudofdata.com.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.