By Guy Churchward, LogLogic CEO

Cloud computing tops Gartner's “Top 10 Strategic
Technologies for 2010.” They define a strategic technology as “one with the
potential for significant impact on the enterprise in the next three years.”
Gartner is somewhat right here. The fundamental problem I have is that the
industry has bucketed anything that can be loosely defined as cloud, virtual,
consolidatory, or anything on the network in the same term being cloud. All
of us loosely interchange public, private and cloud services to our whims which
quite frankly confuses the general public.

To be fair, Gartner does predict
that through 2012, “IT organizations will spend more money on private cloud
computing investments than on offerings from public cloud providers.” This is
great, but I long for the day where this nebulous or opaque term can be
segmented into public clouds, private clouds and more importantly ITaaS. This
is not only a trend for 2010 but has been feverishly worked on through the last
24 months. It has been wrapped up in a pretty bow and proclaimed as ‘cloud’ for
the convenience of propping up the ‘invisible dog leash’ fad-based early
startups that infest the wannabe public cloud offerings (or so they think).

Getting back off my hobbyhorse, there are two primary
reasons (amongst many) why the enterprise will not make major strides towards
the public cloud– lack of visibility and multi-tenancy issues which cloak the
real concern over critical data security.

Lack of visibility

The public cloud is opaque and lacks a level of true
accountability that will paralyze any enterprise account from releasing their
prized data assets to a set of unknown entities. Look at the value proposition
- no one consuming the service has visibility into the infrastructure. The
provider themselves aren’t looking at the infrastructure. Are SLAs relevant? And
if so, who can enforce or even monitor them?

The public cloud has received so much buzz in large part
because it professes to offer significant cost savings over buying, deploying
and maintaining an in-house IT infrastructure. While this is massively appealing,
it doesn’t answer any of the fundamentals of Quality of Service, network and
data security to name a few. Imagine the concern of opening up your internal
systems with a direct pipe into the ‘cloud’. This is the equivalent of leaving
your data center door open, while your data center adjoins a ‘how to hack
systems’ symposium .

Multitenancy Issues

The second reason why businesses of any real size will not
make the leap to the public cloud is: Multitenancy. Wikipedia (the font of all
knowledge) defines multitenancy
as “a principle in software architecture where a single instance of the
software runs on a server, serving multiple client organizations (tenants).” In
other words, many people using the same IT assets and infrastructure.  

So here’s the rub, EC2, Google, etc., provide true
multi-tenancy but at what cost to compliance and security? What about such hot
topics such as PCI or forensics? How safe are the tenants on a system? Who is
on the same system as you, a hacker or perhaps your dearest competition? How
secure is the isolation between clients? What data have you trusted to this
cloud? If you buy the argument, it will be your patient records, payroll,
client list, etc. It will be essentially your most important data assets. I
have to think this would be a good test of data asset Darwinism.

Cloud computing needs to cover its assets

Until the public cloud can provide visibility all the way
down to the IT infrastructures most simple asset – logs - enterprises simply
won’t risk it. To be deployed properly, a public cloud needs to understand logs and log management
for purposes such as security, business intelligence, IT optimization, PCI
forensics, parsing out billing info, and the list goes on.

Until then, in the grand scheme of risk mitigation,
enterprises will fear the cloud and per my recommendation, segment public cloud
from ITaaS in a private cloud. It’s a shame but as we’ve clubbed all the terms
into a single bucket. It turns all the lights red and in fact there’s a
tremendous value in cloud computing. But public clouds and enterprise
computing are a world apart and should be treated as such. And there are whole
rafts of risks to be consider along the way.