Trust, Public Cloud Computing and the Enterprise [#seattle #cloudcamp]
At CloudCamp Seattle last week, there were many lively discussions. A number of vendors stepped up with some great discussion on their products and solutions. One question that was quickly mentioned, and that pops up in my mind, was regarding PCI compliance. Now, PCI is a well-known standard and should not be a radical enterprise issue, but a question of approach, methodology and planning.
However, in some discussions after the event, I brought up some questions on the topic of performance concerns and oversubscription. Multitenancy is potentially a concern from the performance perspective, particularly when virtual systems begin to outnumber the actual physical cores in a given host. This is one of several cloud concerns, and on the topic of PCI and other security issues, it points to a fundamental question about data security that the enterprise is rightfully slow to embrace.
One fundamental issue is the lack of visibility into the infrastructure. Virtual systems and the data they possess could literally be anywhere in the provider infrastructure in live and offline copies, snapshots, and disparate data centers. How are these factors accounted for? What do your SLAs state? And who is the watchdog in that realm? Who is on that same system as you? Could there be a hacker or rogue application? What about compliance issues such as PCI? Are you sharing a system with a competitor? What are the ramifications if one of these things fails or is compromised?
The Point is the lack of Pointers to the Downsides
I could easily shoot off another 20 questions. To be fair, there may be a number of answers out there that satisfy many of these questions. The issue is that there is too much buzz and hype about cloud computing: the picture is extremely skewed toward the benefits, with very little attention paid to security questions.
As long as these things endure and the industry does not focus on some of these fundamental security concerns in a clear, concise way, there will be this lingering question of trust in public cloud computing. An enterprise that properly mitigates risk has to address these questions and overcome that gap in trust. Even in the world of security, we have a limited toolkit to combat and overcome the bad guys, and their tools and tactics grow and change every day. Some of us have to be cops in the big picture.