Security vs Integration: What is the bigger risk?

Ok, this next statement is likely to get me flamed pretty solidly. But I’m doing it anyways. I disagree that security is the greatest risk facing companies that are considering the adoption of cloud computing technologies. Before you start firing back at me about this, please keep reading.

I recognize that security is a paramount concern for anyone considering a move to the cloud. I also strongly encourage anyone moving in that direction to make sure they are fully aware of any compliance challenges they may face. However, the fact remains over the last 10+ years; IT has developed a series of fairly robust and for the most part, successful patterns for securing data and applications.

Our network teams, infrastructure specialists, application architects, and compliancy officers have all become extremely adept at building the virtual equivalent of medieval castles whose primary purpose is to protect and safeguard access to our most sensitive assets, namely our data. Much like Fort Knox, these highly complex and closely monitored solutions keep our most precious resources safely locked behind iron gates.

I believe we’ve become too comfortable sitting behind our firewalls and appliances. We hide behind these fortifications and feel safe.

As we continue to move forward into the ever changing future that is IT, these castles are becoming a limiting factor. In today’s rapidly changing markets, we need to be able to adapt more quickly. To that end we’re starting to explore the possibilities of Cloud Computing, an approach that by its very nature is asking us to step outside the walls of our fortresses.

So now we need the IT version of an armored car. We put into it only what we need to do a specific job and make sure it has just the right mix of armor and mobility to get that job done. The truth of the matter is that the patterns and practices we’ll use to do this haven’t changed much in the last 10-20 years. Encryption, authentication, authorization, audits, etc… will all play a part in making this happen. There’s really nothing new here.

What I see as the real risk of Cloud Computing adoption is how we integrate public cloud computing platforms with traditional on-premise solutions. The technologies for accomplishing this are far less mature. We’re building new bridges, often with only partial understandings of the connections on both ends. This is the real risk and I’ve seen numerous accounts of failed cloud projects because this issue wasn’t addressed seriously enough.

So there’s my rant. I don’t expect everyone to agree with me. But hopefully there’s at least some food for thought. Flame away!


3 Responses to Security vs Integration: What is the bigger risk?

  1. Rob says:

    I have to say that I find this point of view a bit refreshing, and closer to reality than most surmise. Most folks I talk to go on and on about security, but when one digs under the covers, one finds that people generally have an overly-positive view of the actual security practices in their current environments.

  2. Rob says:

    The reality is that most of the cloud providers I\’ve talked with/visited, have significantly better security practices than most of the "security conscious" cloud detractors I\’ve talked with.

  3. Rob says:

    I in no way mean to minimize the importance of security, but would rather encourage folks to take an honest look at their current security profile and threat surfaces, and then evaluate whether or not a move to the cloud just might be a low-hanging-fruit means of adding security to some systems/data that currently are lacking.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: