Back again finally. Things are as busy as ever here.
I was at a conference recently, and a CIO of a fairly large insurance company made an observation about moving applications to the cloud that I think hits the nail on the head regarding a major problem in the adoption of the cloud.
He said “one thing I have come to realize is that when I move my application to the cloud, all of the security of my networks and firewalls that I have invested in over the years disappears. The only defense I have left is identity and data security in the application”.
This drives right to a major issue facing migration to the cloud. Running applications in someone else’s data center is not new (we just gave it a fancy title, “cloud”). The major factor holding back the adoption of the cloud by companies today is controlling authentication and authorization remotely.
Not many CIOs feel comfortable putting all of the user information and security policies on equipment that is not located internal to the company and under the direct control of company employees. CIOs who rely on lawyers and contracts with host providers are setting themselves up to look for work. Even if you can sue the pants off of your cloud provider, the basic problem is that a breach would have occurred and your people are not involved at the security level.
Therefore, the solution is quite obvious. Identity and security need to be delivered as a service to the cloud instance. And it needs to be rock solid. The security service needs to be maintained on internally hosted platforms and applications need to be modified to work with external security and policy services.
This is the evolutionary step that will make adoption of the cloud happen on a large scale. Just as desktop applications needed to be rewritten for the client-server paradigm, then morphed into web-based models, and now into mobile apps, applications will have to adapt and evolve to an external security model delivered as a service rather than being embedded or co-located with the application.
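A minimal sketch of the external security model described above, added here as an illustration and not code from the original post: an internally hosted identity service signs a short-lived assertion carrying the policy decision, and the cloud-hosted application, which holds only the public key and no user store, verifies it before acting. The `Assertion` format, the function names, the sample values and the choice of Ed25519 signatures are all assumptions.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion is a hypothetical token format (an assumption for this sketch).
type Assertion struct {
	Subject, Audience string   // user and the application the token is for
	Expires           int64    // Unix time after which it is rejected
	Allowed           []string // actions the internal policy service granted
}

// Issue runs on the internally hosted identity service; priv never leaves it.
func Issue(priv ed25519.PrivateKey, a Assertion) (payload, sig []byte) {
	payload, _ = json.Marshal(a)
	return payload, ed25519.Sign(priv, payload)
}

// Authorize runs in the cloud instance, which stores only the public key.
func Authorize(pub ed25519.PublicKey, payload, sig []byte, app, action string, now time.Time) error {
	var a Assertion
	if !ed25519.Verify(pub, payload, sig) {
		return errors.New("signature invalid: not issued by the internal service")
	}
	if err := json.Unmarshal(payload, &a); err != nil {
		return err
	}
	if a.Audience != app || now.Unix() >= a.Expires {
		return errors.New("assertion expired or issued for another application")
	}
	for _, p := range a.Allowed {
		if p == action {
			return nil
		}
	}
	return errors.New("action not granted by policy")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	now := time.Now()
	p, s := Issue(priv, Assertion{"alice", "claims-app", now.Unix() + 300, []string{"claims:read"}})
	fmt.Println(Authorize(pub, p, s, "claims-app", "claims:read", now))
	fmt.Println(Authorize(pub, p, s, "claims-app", "claims:approve", now))
}
```

Because the cloud side holds only the verification key, a compromise of the hosted instance does not let anyone mint new assertions; the short expiry bounds how long a captured one stays usable.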