• United States



Contributing Writer

Cloud Confusion Fuels Security Concerns

Sep 08, 20113 mins
Cisco SystemsCloud ComputingData and Information Security

Technology industry is doing itself a disservice with its complex cloud taxonomy

I’m in Washington DC this week presenting at a cloud computing and virtualization conference for Federal IT professionals. Yesterday, I hosted a 3-hour tutorial on cloud computing security where I presented a recent quote attributed to former Federal CIO, Vivek Kundra. Before leaving his post, Kundra stated, “a lot of people are sort of driving this notion of fear around (cloud) security, and the reason I think that’s been amplified, frankly, is because it preserves the status quo.“ I then asked the audience what they thought: Was cloud security real or overstated? While a few hands went up in support of Kundra’s statement, most audience members thought that cloud security concerns were very real.This perspective is consistent with recent ESG Research. When asked why public cloud computing was not a part of their organizations’ IT strategy, 43% of those surveyed identified “data security/privacy concerns” as the top issue. Why are there such divergent opinions about cloud security? Cloud computing is still fairly immature so there is lots of work ahead to improve cloud segmentation, cloud security controls, information sharing, identity and access management, and security oversight. Nevertheless, I think that cloud computing suffers from another shortcoming — after several years of hype, users are still really confused about what cloud computing is. Think about it. You’ve got cloud properties like on demand self service, resource pooling, and rapid elasticity. You’ve got an ownership model segmentation of private, hybrid, community, and public clouds. Finally, you’ve got delivery models like IaaS, PaaS, and SaaS (and others created for vendor marketing purposes). A lot more complex than explaining System z, Windows, or even server virtualization. Ultimately, cloud computing isn’t described as a new compute platform, it’s really a taxonomy. The technology industry is asking its customers to learn a new language — no wonder why they are confused. After all, how can users be expected to understand cloud security when they don’t even understand cloud computing?Cloud computing security issues are real but every time I present on this topic, I have to start by defining exactly what cloud computing is to level set with the audience. After 3 years of cloud computing build-up, this just shouldn’t be the case.Note to the technology industry: If you think your customers get it, you’re wrong. Therefore, if you want to sell cloud computing products and services, you need to work on education and communication as much as technical innovation.

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author