Technology industry is doing itself a disservice with its complex cloud taxonomy I’m in Washington DC this week presenting at a cloud computing and virtualization conference for Federal IT professionals. Yesterday, I hosted a 3-hour tutorial on cloud computing security where I presented a recent quote attributed to former Federal CIO, Vivek Kundra. Before leaving his post, Kundra stated, “a lot of people are sort of driving this notion of fear around (cloud) security, and the reason I think that’s been amplified, frankly, is because it preserves the status quo.“ I then asked the audience what they thought: Was cloud security real or overstated? While a few hands went up in support of Kundra’s statement, most audience members thought that cloud security concerns were very real.This perspective is consistent with recent ESG Research. When asked why public cloud computing was not a part of their organizations’ IT strategy, 43% of those surveyed identified “data security/privacy concerns” as the top issue. Why are there such divergent opinions about cloud security? Cloud computing is still fairly immature so there is lots of work ahead to improve cloud segmentation, cloud security controls, information sharing, identity and access management, and security oversight. Nevertheless, I think that cloud computing suffers from another shortcoming — after several years of hype, users are still really confused about what cloud computing is. Think about it. You’ve got cloud properties like on demand self service, resource pooling, and rapid elasticity. You’ve got an ownership model segmentation of private, hybrid, community, and public clouds. Finally, you’ve got delivery models like IaaS, PaaS, and SaaS (and others created for vendor marketing purposes). A lot more complex than explaining System z, Windows, or even server virtualization. Ultimately, cloud computing isn’t described as a new compute platform, it’s really a taxonomy. The technology industry is asking its customers to learn a new language — no wonder why they are confused. After all, how can users be expected to understand cloud security when they don’t even understand cloud computing?Cloud computing security issues are real but every time I present on this topic, I have to start by defining exactly what cloud computing is to level set with the audience. After 3 years of cloud computing build-up, this just shouldn’t be the case.Note to the technology industry: If you think your customers get it, you’re wrong. Therefore, if you want to sell cloud computing products and services, you need to work on education and communication as much as technical innovation. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe