Recommended Article By Roger Grimes of InfoWorld
Cloud computing represents a major shift in the way you do IT security, so you’d best bone up in the name of job security
People still come up to me claiming that cloud computing is nothing but network computing with a “10-dollar word” attached to it. They’re wrong, though: Cloud computing represents a fundamental shift in information technology, in myriad ways. If you’re a security admin — whether for applications or infrastructure — your job is going to change.
There will be internal (private) and external (public) clouds that you will have to deal with, but they are so much more complicated than the traditional terms — LAN, WAN, intranet, and extranet — can describe. For one, the term cloud denotes a fuzziness about where the application bits and data are hosted. This is not only because of the business requirement for fault-tolerance and performance (which means the application servers and data are usually hosted at multiple locations), but also because virtualization is becoming almost an essential component of cloud computing.
In private clouds, advanced virtualization functionality is used to shift applications and data on the fly between various data centers depending on needs. Gotta patch a slew of servers? No problem. The virtualization software will (temporarily) shift the active sessions and data to nodes in another location. Involved in a disaster recovery scenario? Virtualization will ease the process of bringing up the apps and data in an area away from the disaster.
In public clouds, the issue of identifying where the application and data are stored is even more daunting. Often the cloud providers themselves don’t know where a particular app or dataset is located. How much more difficult is it to secure an asset when you don’t even know where it is located?