Cloud Security Alliance Conference

The best minds in cloud security are meeting today at the Cloud Security Alliance Private/Public Cloud Summit…no, not really. I just wanted to say that because it typifies the hype and marketing I often find in cloud computing model discussion. There are a lot of smart people here, though, and the presentations are interesting.

We have heard about compliance in a presentation by Symantec that should have been titled “Why SAS70 (still) has zero value”. Naturally the compliance presentation brought up the ubiquity of LAMP.

We also have heard from Dell about how they support LAMP, especially after their merger with Perot. They offer consulting services for LAMP, to get your company in the public cloud.

The Burton Group presented on the trust and identity models of private and public clouds, and how LAMP might be deployed.

LAMP? It’s the Linux Apache MySQL PHP (or Perl) model of computing. I guess it’s more PC (pun intended) to just talk about cloud computing instead of calling it enterprise LAMP.

eBay, also a cloud provider, presented on identity and encryption and how they are moving to a public cloud as a consumer. They didn’t mention LAMP but you know it’s in there. Instead they talked about how cool it is to deploy code to handhelds and phones…oh, yeah, and I’m sure they were developed by the best minds in cloud. Next please.

Aside from the LAMP angle, what stands out most to me is the notion of linear change. Every presenter is working with the assumption that traditional computing was transformed by virtual, which then became private cloud and will eventually achieve public cloud status.

This strikes me as awkward, if not completely skewed. Many people obviously are vested in the public cloud as the height of evolution (those selling products and services). Here’s a typical comment, found in the eBay slides:

“Private clouds do not offer the cost savings of public clouds”

Click. Next slide…wait, wait, just wait one minute. How is that cost measured? Are you considering privacy cost savings? What about control and compliance cost savings?

Long story short, I see an evolution ahead from proprietary but public cloud to distributed and open public cloud. This is like saying the true private clouds will come about just like LAMP. What do I mean by true private?

Remember how data was put on the Apple, IBM, Sun, Microsoft and Oracle etc. devices while they promised “cost savings” versus roll-your-own systems? LAMP grew and evolved and roll-your-own has again become the future of data management.

Look at the cloud option when you install Ubuntu 10.04 and you see a hint of the future cloud. Clouds will be in loosely confederated private hands, rather than strictly in a “public” and proprietary model.

Those who advocate that clouds achieve their final state as public only, in the large corporate and proprietary sense, seem to forget government regulators are a huge factor in confidentiality, integrity and availability. You want privacy? Oh, yeah, then don’t go proprietary. You want high availability (e.g. you can’t cut off someone’s service over a contract dispute or non-payment issue)? Then don’t go proprietary. Go LAMP, go open.

It seems to me thus that Amazon, Microsoft and Google cloud solutions are a stepping stone and not the end of evolution. We would be wise to call it the proprietary phase of cloud that will be followed by the movement to open platform cloud options.

The real end-state, the future after public clouds, could be something like a contiguous and private network created from appliance-like cloud apps meant to run on any system — like TOR or P2P. Imagine, for example, that every computing device owned by a company (laptops, desktops, handhelds…everything) could provide some portion of CPU, network and memory to their very own compute “cloud”. The role of security in all this will be to allow customers to deploy a free and open cloud infrastructure themselves without the need to hand over everything to a “provider” that they can never trust without real/tangible costs.
