Justice League Blog
Cloud Risks When You Become A Service Provider
The European Network and Information Security Agency (ENISA) published their analysis of security risks from cloud computing. It’s a well thought through paper and it complements the work on cloud security guidance being written by the Cloud Security Alliance. What I like about both the ENISA report and the CSA Guidance (I’m an author of one of the sections and, yes, I like my eating my own cooking) is that both documents take the point of view that Cloud Computing is going to happen and that security is going to have to deal with it.
There are certainly security risk for applications migrating to the cloud. These risks involve both security concerns such as the confidentiality of the information stored in cloud services as well the legal implications concerning the liabilty if a system is unavailable. This focus of cloud computing risks on the consumers of cloud services by both of these organizations seems justified. After all, how many companies are going to be cloud service provides?
Well, that’s what I thought.
Now, I’m thinking that if Cloud Computing really catches on (beyond everyone writing about it and attaching the word “Cloud” to any product or service that’s connected to a network) then I suspect that most “consumers” of Cloud Computing will want to be service providers too.
What caused this change in thinking was the article I read about how Larry Ellison “created” the network computer back in the 90s. The network computer really is what we call Cloud Computing today. Combine that with how SOAs evolve within an enterprise. They start as disparate web services, but then eventually the business units provide services that are their key data to the organization. With Cloud Computing it will be your business (not just your business unit) providing services (data) to other businesses.
The question is how you’re going to do that. I suspect that youll be exposing some kind of PaaS environment that your partners will write application-lettes in. These application-lettes are going to be doing the combining of data from your two systems. On which PaaS the application-lette runs is going to depend on which the amount and sensitivity of the data.
AI had a second coming in the 80s, aren’t we ready for a second coming of “The Internet is the Computer” in the 10s?
[tags]software security,cloud computing[/tags]
