Why Cloud Computing is More Secure
In the midst of the 1990's economic bubble, Alan Greenspan once famously referred to all the excitement in the market as Irrational exuberance. Similarly in today's cloud computing market a lot of the discussions seem to be driven by a new set of irrational expectations. The expectation by some that cloud computing will solve all man's problems and by others the expectation that cloud computing is inherently flawed. Flawed by an ended less list of problems most notably that of security. Like most things in life, the reality is probably somewhere in the middle. So I thought I'd take a closer look at the unrestrained pessimism and sometimes irrationality found in the cloud security discussions.
To understand security, you must first understand the psychology of how [cloud] security itself is marketed and bought. It's marketing based on fear, uncertainty and most certainly doubt (FUD). Fear that your data will be unwittingly exposed, uncertainty of who you can trust and doubt that there is any truly secure remote environments. At first glance these are all logical, rational concerns, hosting your data in someone else's environment means that you are giving away partial control and oversight to some third party. This is a fact. So in the most basic sense if you want to micro-manage your data, you'll never have a more secure environment than your own data center. Complete with bio-metric entry, gun toting guards and trust worthy employees. But I think we all know that "your own" data center also suffers from it's own issues. Is that guard with the gun actually trust worthy? (Among others)
Recently it occurred to me that the problem with cloud security is a cogitative one. In a typical enterprise development environment security is mostly an after thought, if a thought at all. The general consensus is it's behind our firewall, or our security team will look at it later, or it's just not my job. For all practical purposes most programmers just don't think about security. What's interesting about cloud computing is all the FUD that's been spread has had an interesting consequence, programmers are actually now thinking about security before they start to develop & deploy their cloud applications and cloud providers are going out of their way to provide increased security (Amazon's VPC for example). This is a major shift, pro-active security planning is something that as far I can tell has never really happened before. Security is typically viewed as a sunk cost (sunk costs are retrospective past costs which have already been incurred and cannot be recovered). But the new reality is that cloud computing is in a lot of ways more secure simply because people are actually spending time looking at the potential problems beforehand. Some call it foresight, I call it completely and totally rational.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=6c0ba107-83ed-446f-aa3e-2614c17eb575)
To understand security, you must first understand the psychology of how [cloud] security itself is marketed and bought. It's marketing based on fear, uncertainty and most certainly doubt (FUD). Fear that your data will be unwittingly exposed, uncertainty of who you can trust and doubt that there is any truly secure remote environments. At first glance these are all logical, rational concerns, hosting your data in someone else's environment means that you are giving away partial control and oversight to some third party. This is a fact. So in the most basic sense if you want to micro-manage your data, you'll never have a more secure environment than your own data center. Complete with bio-metric entry, gun toting guards and trust worthy employees. But I think we all know that "your own" data center also suffers from it's own issues. Is that guard with the gun actually trust worthy? (Among others)
Recently it occurred to me that the problem with cloud security is a cogitative one. In a typical enterprise development environment security is mostly an after thought, if a thought at all. The general consensus is it's behind our firewall, or our security team will look at it later, or it's just not my job. For all practical purposes most programmers just don't think about security. What's interesting about cloud computing is all the FUD that's been spread has had an interesting consequence, programmers are actually now thinking about security before they start to develop & deploy their cloud applications and cloud providers are going out of their way to provide increased security (Amazon's VPC for example). This is a major shift, pro-active security planning is something that as far I can tell has never really happened before. Security is typically viewed as a sunk cost (sunk costs are retrospective past costs which have already been incurred and cannot be recovered). But the new reality is that cloud computing is in a lot of ways more secure simply because people are actually spending time looking at the potential problems beforehand. Some call it foresight, I call it completely and totally rational.
Labels: Cloud Computing, data center, security
posted by @ruv
at
8:54 AM
3 Comments :
There is very less meat in this article. Let me surmise. There is no physical security for the invisible data stored in electronic form. Any data connected to internet can be secured only by encryption , firewall and procedures. A battalion of Army is of no use. One can have better firewall is possible when we use simple principle of economies of scale in cloud infrastructure .
In IT security, the assumption is that physical access overrides any technical control - and with enough resource can break any security controls. This is why data centers have security guards. Now that entire servers are just files on a hard drive, physical access isn’t a barrier. Anyone can gain access from anywhere. Access to a virtual machine image in memory, on the network, or the file on a hard drive means physical access to the machine.
That is the risk that cloud computing purveyors want you to manage.
In IT security, the assumption is that physical access overrides any technical control - and with enough resource can break any security controls. This is why data centers have security guards. Now that entire servers are just files on a hard drive, physical access isn’t a barrier. Anyone can gain access from anywhere. Access to a virtual machine image in memory, on the network, or the file on a hard drive means physical access to the machine.
That is the risk that cloud computing purveyors want you to manage.
Post a Comment
Subscribe to Post Comments [Atom]
Links to this post :
Create a Link
<< Home