The question of security in a cloud-based infrastructure is provoking a clash of technology titans.
Leading advocates of cloud computing, such as Amazon.com, are finding security to be a major stumbling block. At a recent technology conference, Amazon CTO Werner Vogels made the point that cloud services provide greater security for online businesses than what the businesses could develop in-house.
“Being able to use many of these components out of the cloud-computing world will allow you to create a more secure business than what you could do on your own,” he told the audience at the Supernova Conference in San Francisco.
But at the Gartner Symposium in Orlando, HP CEO Mark Hurd said: “We wouldn’t put anything material in nature outside the firewall.”
According to TechRepublic technology editor Bill Detwiler, “Hurd seemed to imply that HP would be willing to use cloud infrastructure within its firewall, but wouldn’t think of putting sensitive data (such as email or financial systems) in an external cloud.” HP obviously sees public versus private-cloud security as critical because it gets more than 1,000 hacks a day.
To test the broader IT community, TechRepublic in December asked its readers: “Do you trust current security measures enough to place ‘material information’ in a cloud outside your firewall?”
At last count, 90 percent of the respondents said no.
Click here to view some of Vogels’ speech and see TechRepublic’s survey results.
Two articles about scalability issues in the Cloud came out the same day in Data Center Knowledge. One about Rackspace and the other about Amazon — companies running two of the biggest thunderheads in the “sky.” While Amazon said, “We do not have over-capacity issues,” Rackspace fessed up and said, “We have not been able to fully identify the root cause of these unusual issues.”
I’m wondering if smaller cloud clusters might ultimately be more practical. Although they might not realize the economics of scale found in the bigger cloud formations, it seems like the scalability and reliability issues would be less complex.
I ran across a TechTarget article this morning that offers up some alternatives when you’re out of room or power, facing security threats, or forced to meet new compliance requirements in your corporate data center. The author presents compelling “pros” and “cons” for each alternative, including hardware consolidation, colocation and the Cloud. (I must point out that the colocation con about limited physical access isn’t true at EasyStreet — as long as you are authorized, badged and fingerprinted, you can access your equipment 24/7 as an EasyStreet colocation customer.)
What works for your organization may depend on its size. The author says, “A small business that depends on high Web traffic will benefit from a simple managed Web hosting solution, which may be the most economical solution.” He further suggests that many midrange companies may find colocation services “an ideal compromise between renting space on preconfigured servers and owning an expensive data center.”
You can read the entire article here. What growth management strategies might your company consider in 2010?
New research at MIT and the University of California shows how cloud service providers using virtualization on virtual machines belonging to multiple customers is creating data risks. These cloud infrastructures let attackers locate and eavesdrop on virtual machines anywhere in the cloud.
The attack described in the report was against Amazon’s Elastic Computer Cloud (EC2) service. Most troubling is the fact that the vulnerabilities that enabled the attack are generic and likely exist with other cloud providers.
“The research raises questions about a fundamental assumption about cloud computing which says that data hosted in a cloud is relatively safe from targeted attacks because it’s hard to know where in the cloud the data is located,” according to IDG Connect. “The research also comes at a time when concerns are high about security and privacy issues related to cloud computing.”
It’s possible for attackers to identify the physical server on which a targeted virtual machine is hosted in the cloud, the researchers found. The attackers can then establish a rogue virtual machine on the same machine to go after the victim.
Hopefully, as cloud technology evolves, these risks will be reduced.
If you’re interested in reading the research paper, click here.
Thanks to Jim Wasko from IBM, EasyStreet had a successful and well-attended Lunch and Learn about Cloud Computing last week. (See previous post.) For those of you who missed it, you can find a link to Jim’s informative presentation here. If you’re interested in receiving evites to future Lunch and Learns, just send your request to EasyStreet Info and we’ll put you on the list.
Speaking of Cloud Computing, Gartner has named it, along with green IT and social-computing platforms, among the technologies that are poised to reach broad enterprise adoption in the next two to five years. You can read more about Gartner’s report in this InfoWorld article.
