November 20, 2012, 3:22 PM — I find cloud computing conference chatter, concerns and presentations an interesting phenomenon. For the past five years, the No. 1 concern cited about cloud computing at conferences has been security-and it's probably going to continue for the foreseeable future as the No. 1 concern. It is, as I noted to one colleague, like living through Bill Murray's Groundhog Day . Every conference features the same discussions, the same solutions, the same sage nodding about the need to "address this and make users more comfortable."
The recent Cloud Expo was no different. It seemed like every presentation, keynote and conversation paid deference to the issue of security. However, I took a different tack-focusing on the revolution in user (i.e., developer) expectations made possible by cloud computing with a presentation on The Democratization of IT (summarized in this blog post.
I found myself reflecting on this unending focus on security. How is it-despite the intense interest in this topic, the many vendors in the cloud security sector and the endless presentations at conferences on the subject-that we don't seem to have moved beyond people citing concerns on the subject and on to actually establishing mitigation measures and best practices? It's like Waiting for Godot-and, just as in the play, despite all the talk, it never arrives.
Cloud Security Can Improve Enterprise Security
You might be tempted to conclude that potential users have examined security and cloud computing and realized that the security problem is intractable, therefore meaning that adopting cloud computing is unthinkable. Consequently, you might add, the continuing presence of the topic at cloud conferences reflects the inherently insecure nature of cloud computing.
I'm skeptical about that, however. I think it's unlikely that IT organizations have evaluated cloud computing and, after careful consideration, realized it has security flaws that just cannot be addressed. I'm particularly skeptical that security is so important a topic that it would keep IT organizations from adopting cloud computing despite their manifest interest in doing so.
Security, with respect to IT, is often cited, but it never seems to actually guide IT decisions. After all, this is an industry that eagerly embraced Microsoft Windows (and, more troublingly, Windows Server) despite its notorious insecurity.