Securing the Cloud

Last week, I took part in a panel on cloud adoption at the Bloomberg Enterprise Technology Summit. Joining me on the panel were the CTO for Infrastructure at Zynga and a panelist from one of our major competitors who said, “The cloud doesn’t make security different from IT, because you have to think about security in IT in general and the cloud just adds other elements.”

I happen to disagree. Cloud has turned security literally on its head. Today, enterprise IT is asked to secure data centers that were not built for— and no longer operate on— virtualized services. They don’t necessarily see applications in the world of SaaS. They don’t necessarily control user devices. That’s the world of security in the cloud. That is a very different world from the environment where they control the device, they control the app, and they control the infrastructure and the networks.

Security has changed quite fundamentally in the cloud. Against that, we need new tools and new approaches to it. It needs to be bound to the virtual level; it can no longer be bound at the physical level. It needs to become behavioral and predictive. We’re seeing many of the Big Data tools coming to be applied to the security world. We think this is a very transformational time for security, moving to a world that is entirely different from what existed before. We can’t reapply old, broken tools to an entirely different architectural domain to achieve the security of tomorrow.  

Another topic we discussed is whether we see enterprises migrating from public to private clouds, or the other way around. My answer was, “Yes!”

Ultimately, the answer for all large enterprises ends up being a hybrid cloud – some combination of the two.  There are numerous reasons why people don’t want to go to the public cloud: Security issues, legacy application issues, regulatory and compliance issues; there are many things they don’t want to move into a public setting. But, public clouds have great attractiveness. Maybe it’s for spillover, maybe it’s for extra geographic reach. I’ve seen data from industry analysts that say 10-25% of cloud adoption is in public clouds and the other 75% is in private clouds. [Read an interview I did on why EMC believes hybrid clouds will become the de facto model.]

We’ve seen enterprises start up in the Amazon public cloud model and then migrate to a private cloud once they get larger. In fact on that same panel, the Zynga CTO described that they will move from 100% Amazon to 80% private cloud this year with only spillover/peak capacity remaining in the public cloud.  Increasingly, we see private clouds becoming service providers where people transform their business models and say, “My data services are no longer an internal operation only. I now want to turn this investment into a monetizable SaaS offering for my customers,” whether in financial services, or oil and gas, or so on. Then they become service providers.

The payoff of the ITaaS model in a hybrid cloud environment is that enterprises get far more flexibility. Then, with the cost savings they realize, they can take some of the 75 percent of IT budgets being spent to keep the lights on, and free up dollars to fund business innovation. They are able to drive the speed of new services, new applications, provisioning of infrastructure, and turn their traditional IT models into an “as a Service” model, which enables far more business agility and competitive advantage for those who carry the journey through.

About the Author: Pat Gelsinger