Since the initial brainstorming for the creation of the Cloud Security Alliance in 2008, we have seen what seems like a lifetime’s worth of product announcements, initiatives, speculation and pontification about cloud computing. Many have raced through the side street called awareness, are weaving on the freeway called adoption, trying to steer clear of the semi-truck of downtime and hoping not to get pulled over by the flashing lights of compliance.
When your football game is interrupted by multiple cloud commercials, you know the hype machines are in overdrive. You know what? I believe the hype. I believe cloud computing technologies represent the migration of computing into a utility, and a rethinking of how we manage and leverage knowledge. What could be more transformational than that?
I recently had the opportunity to provide the commencement address for my alma mater, and was asked to convey a message from my industry that would be relevant to all graduates. My message was to think big, as I believe that the cloud, social networking, and mobility empower an individual as never before to change the world. We have all heard the stories of a rogue employee who used a cloud service to complete an objective in days or hours for a few hundred dollars, after being told by his or her corporation that the task was going to take months and cost hundreds of thousands of dollars. That a corporation can potentially save a mint in IT costs is less interesting than the fact that individuals are able to solve big problems without needing the corporation. This will certainly reshape every industry, and will likely need to be catalyzed by the digital babies -- those without any memory of an Internet-free world and fearless of the barriers my generation perceives.
For the information security industry, I believe cloud computing technologies represent our opportunity for redemption. Even in its infancy, I have seen innovative security professionals solve security problems with the cloud, such as by using cloud elasticity to thwart certain DDoS attacks. As our information and applications are migrated to a next-generation platform, we have the opportunity to rethink the security controls we need and how they might be implemented in a virtual world, and that will certainly impact the types of solutions we build. How can we leverage the cloud to better respond to threats? How can we better manage the integrity of systems and keep them up to date? How can we architect and instrument the cloud so the information that is flowing into it is classified, encrypted and policies are enforced? Now is the time to answer these and many more questions.
For the information security industry to ultimately survive and prosper, we need to think big as well. While regulatory compliance is something we must focus on, we also must be bold and forcefully question the logic behind many regulations and push for harmonization of regulations that impact cloud commerce on a global basis. Now is the time to push user-centricity in managing identity online and allowing a robust user-controlled credential to be used pervasively. We must now push to extend identity management beyond users to data, devices and applications as well.
These are just a few of the ideas I have been thinking about, I hope to share more in future postings at SearchCloudSecurity.com. Be bold, think big and create a new and better information security industry in the cloud.
About the author:
Jim Reavis is co-founder and executive director of the Cloud Security Alliance.