I’m pretty sure your organization is using the cloud for something now. And I’m darned sure you’re going to be using the cloud for something five years from now. It might be an IaaS deployment of your own private cloud, or a PaaS provider to host your own SaaS application, or maybe just good ol’ fashioned hosted email and CRM.
I just don’t see it going back the other way, although in my 40 years in IT I have seen a pattern of centralize/decentralize/centralize, sort of like an accordion bellows going in and out and in. So what’s different about this centralization? Or is it decentralization? Maybe that’s the point, that cloud computing can dismiss the notion of “center” completely. Central IT? A thing of the past, perhaps never to return to the way we knew it pre server/storage/network virtualization.
Bring in the naysayers, the anti-clouders who have a fantastic built-in reason why they or their particular industry will never adopt the cloud model. It’s the dirty little secret of the cloud, a/k/a SECURITY. There are those out there – you know who you are – who claim the cloud inherently insecure, with no way to ensure the same safeguards that privately hosted infrastructure offers. The only problem is that I’m not sure the distinction of hosted in my facility and hosted in a cloud provider facility is as clear as it used to be.
First, there’s the network. I remember leasing lines from one facility to another back in the 80s. Was I sure that was secure? Absolutely. It would have taken Richard Nixon’s dirty tricks squad to cut into that SNA/SDLC traffic. As if anyone would have wanted to other than a competitor. Today virtually every organization ties to remote sites via a major internet provider, just another line leased not point to point but as part of the global packet switched network that everyone in the world shares. So there’s no security advantage there.
When it comes to authentication users have perhaps advanced to the point where they no longer put their User ID and password on sticky notes on the screen, instead texting that information to themselves so all they need do is look it up on their phone. But once again, for most organizations it’s still just those two pieces of information, even more so as organizations move to web apps (with web servers hosted where, by the way) to access business critical information. VPNs? They seem increasingly rare to me, am I the only one? There is the performance issue of users connected to the tunnel all day who use corporate bandwidth for everything, even web browsing.
It comes down to the providers, doesn’t it? You can get two-factor authentication from a host that provides the level of physical and logical security your particular application demands. As the price of shared infrastructure continues to drop vs. the price of your personal owned infrastructure, today’s security woes will eventually be a dim memory. When will that day be? Is it here now? You tell me