The sport of cloud-bashing seems to be catching on, with several thoughtful articles appearing very recently, including Seven Technical Security Myths of the Cloud, Don’t Buy Cloud Computing Hype: The Business Model Will Evaporate, and most recently Marketing Cloud Computing to Carnivores which bashed my recent (cloud-promoting) article Fake Fries and Vapor Shakes: Where’s the Beef?
This is healthy debate about an important topic, so I’d like to put the core issues on the table, add some perspective, and continue the dialogue.
Where’s the Beef? makes two points:
(1) the economics of the cloud service provider business model gives cloud providers an unfair advantage (economies of scale, access to capital, etc.) in addressing cloud security challenges – which are grand challenges I admit – and due to this advantage I predict cloud service providers will eventually offer better security than your average on-premise solution; and
(2) the most interesting and relevant topics in the context of cloud security are about new solutions attempting to bring security to the cloud.
Some of these solutions will work, most won’t. That’s the nature of innovation. Even as a cloud promoter, I admit that most cloud services today are worthy of the security criticisms articulated by cloud-bashers. That, too, is the nature of innovation.
My biggest issue with the cloud-bashing arguments is that they identify security issues with current cloud offerings and conclude the cloud will never work.
The Innovator’s Dilemma by Clayton Christensen shows that many key innovations follow the path of “trickle-up economics” (and no, we are not bashing Ronald Reagan). This is when a new innovation begins life as a clearly inferior solution appealing only to the lowest-end market segments, often capturing the least discriminating customers based purely on cost and convenience. After building scale, companies selling these low-performance (but cheap and convenient) new products use economies of scale to improve quality and performance and gradually move up market, ultimately disrupting and displacing expensive, mature, and “enterprise class” solutions that appeared invincible a few years earlier. Christensen offers many examples in his books including a detailed history of the disk storage industry, but also covering the history of disruptive innovation in flash memory, the microprocessor, the PC, the PDA, Honda motorcycles, Quickbooks, mechanical excavation, minimill steel, discount retailing, ink-jet printing, and insulin (talk about a random list!)
Will cloud computing follow a similar course? We won’t know for years. I think it will. When I read statements like “The market is very immature and I’d be surprised to see wide adoption of IaaS or PaaS by enterprise-class clients” I think “Yes the cloud market is immature, and immature solutions don’t take root in the enterprise.” It’s an evolution, not a revolution. It’s a process, not an event. The cloud is following a trickle-up path. This will take a long time.
What we have here is a difference of opinion. Opinion about the future. Neither the cloud-bashers nor the cloud-promoters can prove they are right. As Christensen said “Markets that don’t exist can’t be analyzed.” Only time will tell.
The cloud-bashers referenced above are smart, experienced IT security professionals with a healthy skepticism toward utopian promises from IT vendors. I respect their opinions and their skepticism. And skeptics are usually right in this business. Even so, in this case I think the cloud computing vision will be realized. Eventually. In the long run. Not in a utopian way, but in an evolutionary way.
I think the analogy Nicholas Carr drew in The Big Switch between the evolution of the electric utility industry and the likely course of cloud computing is a decent analogy. (And many of us held this same opinion when this whole concept was called “utility computing” … the “cloud” label isn’t the point.)
The most relevant points of debate are about current examples of the fits and starts of cloud evolution. Will cloud solutions succeed in “trickling” up-market or will they become extinct after a short life?
What do you think?
- Will cloud service providers eventually provide the degree of security the majority of the market demands?
- Are you seeing cloud security solutions today that are making important strides toward the goal of cloud security?
- What must change in the way we think about security to make cloud offerings secure enough for mainstream markets?
At Secure Cloud Review we look forward to the conversation around this, and similar issues.
