Security ranks among the most common concerns about cloud computing. Survey after survey cites concern about the security of cloud providers as a main inhibitor to adoption (although, as I just noted, adoption is proceeding apace and, in my experience, accelerating despite this concern).
Unfortunately, most of the solutions I've seen seem to center on applying existing manual solutions to the cloud environment. In effect, the desire is to address security by impeding the move to automation and forcing it to follow the established procedures. For the reasons outlined above, this is likely to be unsuccessful and will lead to security being bypassed, or, even worse, applied in the form of a Band-Aid version of the old solutions with the hope that they will suffice.
The 6 Key Characteristics of Big Security
I firmly believe that a new approach, a complete rethink of the topic, is required, with new solutions (and processes) developed to deal with cloud computing. It's something that might be termed "big security."
What would such a thing look like? Put another way: What are the key characteristics associated with "big security"? Here are some thoughts.
Developed into products, not bolted on later. For sure, in this new world, for security to have a chance of success, it must be part of the environment and application, not a separate product and process bolted on later in a security review. Just as DevOps has resulted in operations being integrated into the application, so, too, must security be infused throughout every element of the application, from initial user contact to data integrity checking through to fraud detection.
Integrated. This may be a pipe dream, but the security solution should be integrated. In other words, it should be a single solution that can be implemented, not a variety of solutions, even if they're provided by a single vendor in what I call Frankenstein solutions. End users are overwhelmed by the level of expertise necessary to install and integrate disparate solutions. When I read about systems being compromised because end users did not properly configure or update their systems, the evidence is plain.
Scalable. I've already mentioned this, but the entire IT industry, myself included, vastly underestimates the scale we will confront in the near future. Look at the automobile. While many (including me, again) point to the transformation wrought by mass production, far fewer consider the way automobiles have transformed our lives and come to dominate our society. They've scaled well beyond what anyone might have imagined when the mass production of Fordism first came onto the scene.
In the future, security will need to work in an environment hundreds (yes, hundreds) of times larger than previously seen, and that environment will sprawl throughout the world. Part of it will be what Dave Asprey calls the ambient cloud. It will also be distributed application environments connecting back to data collection and analytics hubs such as Nike+ FuelBand, which essentially turns the human body into a networked domain. (Regarding this environment, I have been powerfully affected by three books I've recently read: Daniel Suarez's Avogadro Corp. and A.I. Apocalypse by William Hertling, which use the thriller fiction form to depict a very-near, very convincing world of mass processing, connectivity and data.)