The Jericho Forum refers to the new model of computing as "deperimeterized," meaning that security can no longer focus on implementing measures at the boundary of the data center. This trend is exacerbated by the elastic, transitory nature of computing resources in cloud computing environments. Security must be applied at every computing endpoint, and must be implemented automatically as part of a virtual machine initiation. This requires a rethink of the security products used, the methods by which they're installed and configure, and how security is monitored. Security personnel need to develop a new strategy and, similar to the devops concept, get involved early so that the appropriate security measures and processes are automatically injected into every instantiated computing endpoint.
IT financial analysts provide real-time, sophisticated data
IT and business units need to make resource allocation decisions quickly and cost-effectively. My last post addressed the challenges of capacity planning in a cloud environment; I believe that in the near future, IT organizations will need the equivalent of what airlines refer to as yield management--financial analysts capable of developing pricing structures and offerings to allocate scarce internal resources and guide appropriate applications toward external providers. Amazon implements this today with its reserved instances and spot pricing--but its efforts are designed to increase use in order to raise utilization rates. For internal IT groups, the challenge is likely to be in the other direction: with so much demand and a limited resource pool, measures must be devised to reduce demand. A complementary requirement to this financial capability is an operational and system management capability to support hybrid cloud environments with real-time application deployment options possible.
Legal and regulatory compliance personnel become part of cloud infrastructure teams
The vision of automated resource availability clashes with after-the-fact compliance review. For cloud computing to achieve its vision, the legal and regulatory compliance requirements for applications must be part of the provisioning process. The insights of compliance personnel must be integrated into the service catalog that is provided to resource consumers, which means that these skills need to be part of the infrastructure and operations group. Part of the decision tree for that real-time deployment decision has to be the compliance implications of deployment location, which requires integration of these requirements into the automated provisioning process.