My sense is that this trend is moving much more rapidly than anyone recognizes, and that organizations are embedding cloud computing and big data into their environments quite quickly. The scale of the adoption, though, is going unremarked because the efforts are being implemented on a piecemeal basis. Individually, they are interesting; in aggregate, they are remarkable.
One of the biggest challenges of this transformation, in my view, is the outstripping of the IT capabilities necessary to manage this new environment. Essentially, manual procedures are confronting a world too massive to manage the old way and, much like Lucille Ball and the chocolate factory, they are being overrun by scale. (Just to be clear, this is not an IT jeremiad. Rather, it is a questioning of our current solutions to a new scale of challenge.)
Security ranks among the most common concerns about cloud computing. Survey after survey cites concern about the security of cloud providers as a main inhibitor to adoption-although, as I just noted, adoption is proceeding apace and, in my experience, accelerating despite this concern.
How-To: 10 Ways to Ease Public Cloud Security Concerns
Unfortunately, most of the solutions I've seen seem to center on applying existing manual solutions to the cloud environment. In effect, the desire is to address security by impeding the move to automation and forcing it to follow the established procedures. For the reasons outlined above, this is likely to be unsuccessful and will lead to security being bypassed, or, even worse, applied in the form of a Band-Aid version of the old solutions with the hope that they will suffice.
The 6 Key Characteristics of Big Security
I firmly believe that a new approach-a complete rethink of the topic-is required, with new solutions (and processes) developed to deal with cloud computing. It's something that might be termed "big security."
What would such a thing look like? Put another way: What are the key characteristics associated with "big security?" Here are some thoughts.
Developed into products, not bolted on later. For sure, in this new world, for security to have a chance of success, it must be part of the environment and application, not a separate product and process bolted on later in a security review. Just as DevOps has resulted in operations being integrated into the application, so, too, must security be infused throughout every element of the application, from initial user contact to data integrity checking through to fraud detection.