The Future of Security in Cloud Computing

Infrastructure Security

There is without question a need for greater transparency regarding which party (customer or CSP) provides which security capabilities, as well as greater assurance over the CSP’s capabilities and efforts. It is likely that there will be increased agreement on what security capabilities each party is to provide, as well as some level of standardization across CSPs regarding CSP security capabilities with respect to specific offerings in the SPI service delivery model. It is also likely that this standardization and agreement will be reflected in operational SLAs.
In the future, identity management should be adopted to address the interrelationships between systems, services, and people. As intercloud (i.e., cloud-to-cloud) communications come into existence, due to customer demands these interrelationships will take on even greater urgency.

Data Security and Storage

Due to the nature of cloud computing (e.g., multitenancy) and the volume of data likely to be put in the cloud, data security capabilities are important for the future of cloud computing. Because of that, coupled with today’s inadequate encryption and key management capabilities, cryptographic research efforts, such as predicate encryption, are underway to limit the amount of data that can be decrypted for processing in the cloud. Recently announced capabilities of fully homomorphic encryption to process encrypted data, if they become commercially viable, would be a huge benefit to cloud computing. Similar research into large-scale, multi-entity key management should also be encouraged, as it would be of enormous benefit to cloud computing.

Impact of Cloud Computing on the Role of Corporate IT

As the adoption of cloud computing continues to grow, there will be a greater shift of IT functions and jobs from traditional corporate IT departments to CSPs. This will result not only in a downsizing of corporate IT departments but also in a commoditization of IT functions (e.g., which CSP provides the best of service x) and jobs. For organizations, this will likely mean hiring fewer specialized IT personnel. Those IT personnel who are hired will likely not be actual practitioners, but managers or supervisors of the IT services provided by CSPs. It is likely that organizational spending on IT will decrease, both because competition will force CSPs to pass falling hardware costs on to customers, at least partially, and because organizations will employ fewer in-house IT personnel, whose skills demand higher compensation than many other jobs. In addition, a shift in organizational payment for computing services from a centralized IT budget to business unit budgets will lead to greater efficiencies in computing services used.
This will affect the IT profession itself. Custom applications will be developed less frequently, and only in very specialized cases (i.e., narrow or niche markets). Similarly, applications will likely be less customized. (However, there will be an increased demand for and increased competition from CSPs to provide greater personalization of applications offered by CSPs.) This will lead to fewer application developer positions. It is also likely that strong pressure by customers for open systems will result in fewer proprietary systems and fewer systems using proprietary languages, such as today’s use of Apex by or ABAP (Advanced Business Application Program) by SAP. Similarly, corporate IT departments are likely to hire far fewer system administrators, and such responsibility will shift to CSPs. And the growing number of servers maintained by CSPs will require a greater number of system administrators to be hired, in spite of increasing use of automated tools for configuration management. (Google alone is rumored to operate about 500,000 servers. And think about how many servers can fit into the 8 million square feet of data center space that IBM Global Services operates.) There will also be a decrease in the number of network engineers needed by corporate IT departments, and again many of those jobs will shift to CSPs.

