I’ve been reading a lot of marketing hype from vendors like LogLogic and Fortinet touting that their software is now ready to “Secure the Cloud“. Both of these vendors believe the way to secure the cloud is to build a virtual appliance, then sell it to cloud providers. As stated in the post before this one, this is hardly the case, you need more than a virtual appliance to understand cloud security.
I meet with cloud service providers on a regular basis. While virtualization is a component of some cloud services, there are bigger issues and concern. Just porting an enterprise class single-tenet solution into a multi-tenant envrionment doesn’t work. It does not scale into the systems that mature cloud providers with dynamic provisioning processes use. You can’t take a hammer to a puzzle piece that doesn’t fit and expect no one to notice.
What these vendors should be doing is meeting with hosting and service providers to understand how they deliver their solutions. They will quickly begin to understand that they need to re-architect their solutions to support native multi-tenancy. By doing some basic requirements gathering, vendors will quickly learn that the actual software being provided is just one piece of the puzzle. There are conversations around provisioning, support for multi-tenancy, the ability to provide service-provider dashboards, integrated APIs, and other components that go BEYOND the two-dimensional software they are used to selling the traditional enterprise.
We need vendors to pull the reigns back on their marketing teams a little. We have to move beyond the hype and have some very serious security and business conversations with cloud providers. After we have the conversations, we can then build solutions that both provide a value-added service to their customers, as well as a seamless integration point to the lifecycle from commissioning to decommissioning of a customer instance. Instead of waving our hand across the customer and service provider and telling them you are cloud ready, how about we do some research and realize it takes more than a virtual appliance to stand-up a security offering that is REALLY cloud-ready.
{ 1 comment… read it below or add one }
Good potential thoughts here – but hard to take an article like this seriously with so many obvious and basic grammatical errors. If English isn't your first language (completely understandable…), then have a friend edit for you. But I can't help but think that if you're either too lacking in knowledge or too lazy to bother with correct grammar, then why on earth should we take your comments on a subject as advanced as cloud computing seriously?