Cloud computing may have a bright future but security issues as yet unresolved may darken the horizon for early...
adopters ready to experiment.
Dave Rosenberg, CEO of Mule Source, the open source infrastructure and integration software innovator, is leading his company out onto the Cloud, but, at the same time, he offers cautionary words about security and potential problems with that old IT bugaboo, vendor lock-in.
Not content to just read about Cloud computing, Rosenberg decided to experiment with the Amazon Elastic Compute Cloud (Amazon EC2).
"We did an experiment internally where we put Galaxy, which is our SOA governance tool, into VM and deployed it on EC2," he explained. "Then we asked: 'Could we manage our assets inside and outside the enterprise from the Cloud.' The answer was sure. But the security mechanisms are actually very minimal."
Currently, security on the Cloud is primarily based on Secure Socket Layer (SSL) technology, Rosenberg said, although he saw OpenID and other security mechanisms moving into the Cloud. He is skeptical about the wisdom of widespread enterprise adoption at this stage.
"It's still questionable whether you want to have enterprise artifacts [for example, XML Schema, process definitions and policies] floating out in the Cloud where we don't have a lot of control even over the backup of it," he said.
Gartner analysts are also urging caution for enterprises contemplating the Cloud.
"Cloud computing is just emerging," said Susan Landry, vice president and distinguished Gartner analyst, in answer to a question from SearchSOA during a Webinar this week on application development issues "The vulnerabilities are being discovered."
What you can and should do [is] unfolding as we speak."
"What is critical is to keep current with how Cloud computing is evolving," Landry said.
Beyond security, under the category of Cloud issues that "haven't been completely figured out yet," Mule Source's Rosenberg placed portability and standardization.
In the current early stages, each vendor is building data center infrastructures with its own configurations, which may not make it easy for an IT organization to move from one Cloud vendor to another, he said.
"Today you're reliant on the Cloud vendor's infrastructure and the way that they do things," he said.
The problem may be addressed. The open source community is working to address this issue through a project called Eucalypts, Rosenberg points out.
"They did some open source Cloud work that allows you to create an internal Cloud that looks just like Amazon [EC2]," he said. So, he continued, if you go to deployment and then want to put your Cloud apps in a different data center, that is becoming a more realistic possibility.
While offering cautions, Rosenberg is optimistic about the future of Cloud computing. He said many of the security and portability issues are likely to be resolved as the major vendors offer Cloud data centers for the enterprise.
As an open source vendor for the SOA market, he sees a future where "the Cloud should just be another endpoint."
"What I'd like to see is a point where we can start to move actual apps and utilize computing power on demand, rather than having to build out a full infrastructure," Rosenberg said. "It'll get there. It's just not there yet."