In this interview, Marinescu outlines a variety of interesting facts about cloud security, illustrates how the cloud has shaped enterprise security, and provides insight into key future trends.
How has cloud computing shaped IT since it stopped being just a buzzword?
There is little doubt that cloud computing has revolutionized our thinking about information processing and information storing; its impact on the activity of many organizations, large and small, as well as on individual application developers, is a proof of the economic benefits of the new paradigm.
The very large number of applications running today on clouds show the appeal of virtualization, when users work in a familiar environment rather than being forced to operate in an idiosyncratic one.
The cloud computing landscape is continually changing, new services are offered and new providers enter the scene, increasing the competition among CSPs (Cloud Service Providers). But more work needs to be done. Improved security and a higher degree of assurance, performance isolation, and solutions to the problem of vendor lock-in and interoperability standards are at the top of the list of cloud users concerns.
Robust and economic solutions for cloud resource management, the ability to support elasticity without over-provisioning, security and reliability of the cloud infrastructure, and effective cost models are the main problems for the CSPs. In turn, both users and service providers would welcome the elimination of some of the inefficiencies related to resource virtualization and effective means to support interoperability.
The standardization efforts underway face many technical, business, and legal challenges. It is also unclear if standards based on the current state of the art in cloud computing will not have a negative effect and discourage future innovation.
How has the cloud affected enterprise security?
Security and privacy top the list of public cloud users concerns. It is impossible for a user to have a complete picture of all the operations affecting the data stored and processed on the cloud. Confidential data can be accidentally disclosed to a third party when files are replicated or moved from one storage device to another and the space where it previously resided is not annihilated. Accidental disclosure is also possible when the physical memory of the pages of one process is not scrubbed, before being allocated to the pages of another process.
Clouds are also vulnerable to the traditional threats of systems connected to the Internet and to problems caused by malicious insiders. Auditability is still a distant dream for the cloud systems we are familiar with. These facts limit the appeal of cloud computing for many organizations with strict security and privacy requirements.