The Security Concern
Then, of course, there's the security question. Despite reminders that even on-premise databases aren't immune to fraud or malice, there's something disconcerting about putting sensitive data and critical applications out in the ether, where they seem all-too-susceptible to wrongdoing. Of course, that doesn't stop major enterprises from leveraging the low capex and high redundancy of the virtual environment.
Gartner estimates that by the end of 2016, more than half of Global 1000 companies will have placed customer-sensitive data in the public cloud. Furthermore, there are a number of enterprises who may think they have side-stepped this frightening world of public clouds by opting for a "private cloud." But as Gartner's Lydia Leong points out on her blog, many customers think they've gotten their hands on a private cloud, even when they have done no such thing. A number of supposed private clouds actually use a multi-tenant shared resource pool model, and a number of "public cloud" resources have what amounts to private connectivity, rendering the separation far less clear than some providers would have their customers believe. The fact is, unless it's a closed network, it's a public network.
Public or private, there are a number of paths to increasing the security of a cloud environment, of course.
There are a number of handy tips available for virtualization security available through the Cloud Security Alliance, of which companies from AT&T to HP to Oracle to Telecom Italia are members. Hypervisor introspection can detect even tricky bugs like kernel level rootkits. Host-based security, meanwhile, secures each virtual machine. Data can be encrypted at the file level before it enters the wider network. The code for boot OS and hypervisor can be kept as small as possible to create a tiny attack surface for malware. In these and many other ways, security can be baked into the process. In addition, tools like hash value verification can ensure that data remains uncorrupted and complete throughout the process of virtualization.
In addition, Gartner estimates that by 2016, 40 percent of enterprises will make independent security testing certification mandatory for any type of cloud service.
Opportunity Knocks
Therefore, just as service providers are presented with an opportunity for facilitating and offering cloud services, backed by a level of network visibility that many other cloud providers can't match, there is also an opportunity to make this cloud access as secure and resilient as possible as a competitive differentiator.
Vendors are clearly aware of the opportunity to help CSPs accomplish these goals. In fact, as I was writing this article I received a news alert that cloud software company Joyent just raised $85 million to pursue global growth, with the tackling of those three top concerns among executives I stated earlier (performance, security, and reliability) mentioned as their main missions.
Likewise, any number of OSS and BSS providers have extended their solutions for service assurance, SLA management, billing, and other key applications to cover the emerging cloud services market. Heck, many have even begun offering their software platforms as a managed service through the cloud.
In short, vendors and providers, alike, are putting up, and the struggle to provide a reliable, secure cloud continues. Like any nascent technology, the road to the cloud is fraught with challenges, but as end-users are, increasingly, able to see the benefits of the cloud's possibilities and, more importantly, cloud providers are able to prove that they are capable of realizing those possibilities, gains are made. After all, dangers exist for all centralized computing and storage solutions. But where there is danger, so too is there opportunity.