About a year ago I attended the Enterprise Cloud Summit in Las Vegas and ended up leading a CloudCamp session on security. When asked to summarize my session, I raised more than a few eyebrows when I let it slip that “security did not matter”. My intent was not to downplay the importance of protecting cloud environments. I simply did not see security as the major inhibitor to cloud adoption in 2009.
In my CloudCamp session we spent very little time on security. The people I met that night were mostly trying to figure out what this cloud thing was really all about. When you can’t tell the difference between cloud computing, hosting and Gmail, practical security issues are just about the last thing you worry about.
Fast forward a year and things look a bit different. In my session at CloudExpo a few weeks ago I had a more experienced crowd. It was clear that people moved on from state of information overload to solving practical problems, though manageability, not security, is what occupied their mindshare.
In my session, I spent a bit of time painting a picture of what cloud adoption in 2015 may look like for a typical enterprise. Most people in the audience agreed, except for one guy. He simply wasn’t buying it. Had he a pair of rotten tomatoes handy, I am certain I’d be wearing them on my face. I couldn’t resist doing a roll call and as I expected, every one in the room either owned a business problem or developed software to solve a business problem. Except for this one guy. He was in Enterprise Security and he was visibly ticked off that his responsibilities will be increasingly trusted to service providers.
It will take a bit more time for the cloud technologies to mature before people really grasp how their lives will change in the process, but security practitioners already know that nothing will ever be the same. And they don’t particularly like it.
Want proof? Try to find a cloud standards effort as mature and well organized as the Cloud Security Alliance. Most are in their infancy, while CSA has an incredible amount of momentum. I am grateful that so many people behind CSA are working on important problems and v2 guidance is much improved from the initial release, but above all the document published by CSA reads like 75+ page list of sales objections to cloud computing written by people with something to lose.
Call me a cynic, but job security, rather than the need to keep information secure, will be the biggest inhibitor to cloud adoption for some time.
{ 1 trackback }