When you consider the hype around cloud computing you find that it is more hype than anything right now. Like Dr. Miracles wonder elixir most of cloud computing can’t do the things you need and or want it to do consistently.
Partly of course this is the reality of squeezed IT budgets and cloud computing in the short run offers additional cost savings. But cost savings is a window. Once you open it it quickly closes.
The reality of cloud computing in the near term is security. In fact the more clouds I look at, the more I realize security may be the today and the tomorrow of cloud computing. Secure solutions that are based on APT, but also on years of experience both in managing secure solutions but also in building and providing solutions that are based wholly on a secure implementation.
Reality in the security space is there are as many wholes in some vendors offerings as there are answers. Microsoft offers a number of solutions that trumpet their “days to vulnerability closed” but the reality is there remains a high number of vulnerabilities. IBM has many solutions that have significant security issues. Redhat and other Linux vendors have long lags often between vulnerability opened and closed.
Cloud security can’t be about the response. It has to have an offensive capability working to close the gaps.
In the past I’ve talked about new models and patterns for developers to consider building towards. I suspect someone should spend some time (probably me later) on what the security options would be using cloud computing.
- Security through obscurity
- In transit or on-the-fly security