At an RSA conference no less.
Here is a a news flash: Security has to be the PRIMARY concern. Not just some inconvenient speed bump on the way to making money.
For someone to say this is quite revealing. No one has your company's best interests at heart. It is all about making a sale, and apparently security be damned in the process.
Cloud computing: resist until the industry players do their homework and ensure YOUR security.
Cloud computing: Resistance is futile
Summary
Speaking at the RSA Conference, Qualys's chairman said while the cloud may still have unresolved security issues, resisting the technology is not an option.
Topics
There may be a number of unresolved security issues around cloud computing — but if you try to resist the trend you are likely to be shown the door.
This was the claim of Philippe Courtot, chairman of security company Qualys, speaking at the RSA Conference in San Francisco last week.
"We know that it's getting harder and harder to secure the current computing infrastructure and something has to change. Fundamentally there are too many variables and too many security patches," he said.
Read more: RSA Security Conference
"The burden today is on the enterprise: they have to select the components, the servers, the routers and the applications, and to add insult to injury they have to secure that."
According to Courtot, the burden of security on organizations is too great, and the cloud is potentially the answer.
Proponents of cloud computing often point to the ability it gives businesses to buy services themselves, bypassing the IT organization. Courtot warned: "If you resist the move to the cloud you will be replaced. Resistance is not an option."
However, he still sees a role for the internal IT security team: "The security people will have a more strategic role because they will be selecting the correct partners," he said.
The complexity of combining cloud applications with traditionally sourced applications will also secure an important role for IT teams, at least in the short term.
Chief information officers, however, remain sceptical of cloud computing, and recent research by silicon.com saw it branded this year's most overhyped technology.
According to Courtot, a number of improvements are needed before cloud computing will be able to take off, including the development of more secure browsers, stronger authentication and federated ID in the cloud, secure open protocols and standards, and legal and contractual improvements.
This article was originally published on silicon.com.
Talkback Most Recent of 7 Talkback(s)
-
croberts28th Apr 2009 -
RE: Cloud computing: Resistance is futile
I rather think the market will decide, not Mr. Philippe Courtot. The jury is still very much out, for all sorts of reasons. It isn't just about security, it's also about performance and service guarantees. At our company somebody accidentally disconnected the main pipe giving us internet access, and we now have a slow connection. There is no date for the high-speed line to be reconnected. The stuff that we currently have in any kind of "cloud" is virtually unusable. Good job we don't depend on it, eh?
LordLiverpool28th Apr 2009 -
RE: Cloud computing: Resistance is futile
According to the last paragraph of the thread; basically cloud computing is still 100 years from being ready for prime time. Security is important and I would expect a security company to focus on it but data ownership rights also need to be addressed. Plus everything glossed over in that last paragraph. Resistance is not futile. The news is rampant with failing cloud vendors so if they are failing, why are they failing and what impact has it had on the customers?
Somebody is going to have to make the first move and guarantee data ownership and a "hands off my data approach". Basically if a country says to the rest of the world, "You can story your data in servers in our country and we guarantee no matter what content you put in the server, you own it and we won't look at it."
mr197228th Apr 2009 -
RE: Cloud computing: Resistance is futile
I'll keep my data inside my local network thank you very much. I like applications that run in a web browser because I don't have to install software on the workstation but the server has to be in my local data center.
jfp28th Apr 2009 -
The Cloud is Vapor.
Yes, there are a few cost benefits to a cloud computing as a model, but security trumps them all.
Once you factor in the virtually non-existent "quality of service" level agreements that most vendors offer, you find that the cloud is aptly named: it is a bunch of vapor obscuring the truth that there isn't really anything there.
Our data is our business. If it were compromised by a corporate competitor, then we have nothing.
Access to our data is necessary to continue business. If we used a cloud service and (1) we lost internet connectivity, or (2) their servers went *pop*, or (3) the vendor went bankrupt ... well then, we would go out of business with them.
Our data is controlled by the EPA, FDA, and IRS, as well as being covered by many regulations (such as S/O, HIPA, and other such accountability and privacy acts). Can the vendor guarantee (1) proper retention is maintained, (2) the data will not be modified in any way, and (3) that no-one else will be able to access it?
Can they ensure that the data doesn't leave the governing body's zone, or for that matter, become entangled by different legal requirements held by governments at their off-site data center's backup location?
Clouds are pushed by people who don't understand business practices, governmental regulations, and legal requirements.
For a business, keeping critical data in-house is simply neccessary.
Regards,
Jon
JonathonDoe28th Apr 2009 -
"you will be replaced"???
I don't think Mr. Courtot has a business where he has to trust others with his company's proprietary, business-centric data. If he had to actually put his real world data into the hands of some other company, he might rethink his statement. The cloud company would have complete access to Mr. Courtot's company's data, and an unscrupulous cloud company could very easily burn that data to CD/DVD and sell it to competitors. Is it legal/ethical? No, but it COULD be done, and having a cloud company that's not on US soil would mean that the SEC would have no grounds to step in and correct the situation.
Personally, I think that when Mr. Courtot stated, "If you resist the move to the cloud you will be replaced" his entire argument lost it's value for me. There may be a time that the cloud becomes a viable option for businesses, but it's not there yet, and if Mr. Courtot is mainly worried about is making more secure browsers, he's not really thinking his argument through.
MikeBlane28th Apr 2009 -
Broken record?
Let's see, in a few years everything will be perfect and the cloud will solve our problems. Sounds like the marketing drones at companies like MS who say whatever next version of Windows will be the best ever. Well, of course most things, be it a product or service we buy, should get better with time and refinement. To their credit, Windows has improved. However, the cloud proponents have been saying the same old same old for the last 4 years and it has NOT gotten any better. Why on earth should we believe the shills anymore?
ThePrairiePrankster30th Apr 2009
Talkback - Tell Us What You Think
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Facebook Activity
