Monday, November 22, 2010

v1.0 is always more successful when bundled with two sunny days at Orlando

Nothing like sunny Orlando in the middle of a Boston’s November, therefore you can imagine my excitement about participating at the first Cloud Security Alliance Conference this week.
So what did we have there (other than ~90 degrees)?
  • Interesting mix of participants (customers, vendors, thought leaders, consultants, federal)
  • Lots of cloud and security related sessions
  • Securing privileged users (insiders threat) and privileged access points (API management) are top concerns
  • Sitting in a panel discussion about securing applications and data in the cloud
  • Booth at the expo center (chance to both pitch and have interesting discussions with participants)
  • AND one big debate about security and the cloud
(Basically all the ingredients for two days well spent)

While I can go into lengthy descriptions of sessions and other discussions, I prefer focusing on what I perceived as the biggest debate at the conference. Which of the following is right?

The cloud is new therefore requires all applications and security solutions to be re-written
OR
Just of the same, been around for a while, let’s move our apps and secure it using current controls

Surprisingly (or not) most influencers seem to believe things needs to be re-written.
Not surprising (or …) I have a different take on that. But first a couple of clarifications:

  1. I’m tired with this binary approach to the cloud some people present – “either everything going to the cloud (1) or nothing (0)”. Think hybrid, we are going to have mixed environments for as long as you can currently plan.
  2. Tired++ from this ongoing FUD competition (though I have to admit occasionally I participate). RELAX, don’t panic, we are going to be OK. The cloud is a great thing and a decision whether to adopt it is a business decision (based on its many virtues). And yes it has vulnerabilities and issues which need to be highlighted and addressed (start with focusing on operations accountability and transparency).
It is off my chest and I can finally address the cloud-security debate. As with most cases, the answer is somewhere in the middle. The cloud represents new concepts, technologies and delivery mechanism. Given the extent of the change (and opportunities) some areas are definitely going through a revolution and require re-thinking/re-architecting or as some of my colleagues put it – re-writing. However, when looking at public IaaS there are quite a few challenges that only experience evolution and can be addressed with existing tools and expertise (only some adjustments required). I thought my friend Gilad (founder+CEO @ Porticor) presented it nicely during his session.
Now it is true every several years products gets re-written anywhere, therefore the shift to the cloud might be a good opportunity.

My recommendation (my personal crystal ball):

  • If you are in the services business – identify evolution areas and follow them.
  • A vendor? the revolution domains is where you should be looking for opportunities.
When all is said and done, looking at Friday’s financial news: Salesforce’s Q3 results exceeded expectations and their stock is on fire! Makes you wonder whether customers really care or are we simply over hyping it all…

1 comment:

  1. You hit the nail on the head. Hopefully a year from now the industry will progress and have a wider understanding of what requires evolution and what revolution. See also

    http://www.porticor.com/2010/12/mixing-the-cocktail-evolution-and-revolution-in-cloud-security-and-privacy/

    ReplyDelete