Speaking season will be over this month. So far this year, I've done more than 25 presentations at various conferences around the country and have spoken with hundreds of people who are building or using clouds. All of this traveling and interaction has provided more data points for me to share via this blog.
Although some of the conversations have been encouraging, many have been downright disturbing because of the misconceptions people have. There continues to be much mythology in the cloud computing space, as I've pointed out in the past. It's time we dispel three more myths so that we can better understand the reality of the cloud.
Myth 1: Private clouds are, by default, secure
Many enterprises are implementing private clouds with the assumption that just because it's private, it's also secure. Not true.
Security is something you design and engineer into the cloud solution — it's not automatic. Thus, private clouds are not secure by default, and public clouds are not insecure by default.
You have to design and implement the appropriate security solution into the cloud. Just because you can see your server in the data center doesn't mean anything. After all, the data could be compromised as you watch it.
Myth 2: If I go OpenStack, I guarantee portability with other OpenStack providers
Although OpenStack is becoming a solid IaaS cloud standard, there is no portability guarantee among OpenStack distribution providers. Who knows what the future holds? If you think you can write an application on an OpenStack private cloud and move it to an OpenStack public cloud without any modifications, you're dreaming. Those moving to OpenStack should be doing so because of the potential of this technology, not for portability.
Myth 3: The public cloud providers will access and analyze my data without my knowledge
Public cloud providers couldn't care less about your data. They do care that you're successful with your use of their cloud — and that you pay your cloud computing bills. The myth that they are selling your data to third parties is just not true, nor are they using it for their own market intelligence.
If you're concerned about such use, then encrypt the information you place on the public cloud. That way, nobody can see it even if it's seized by the government or accessed by a bored cloud data center admin. If you're even more paranoid, don't use a public cloud provider.
Sign up for CIO Asia eNewsletters.