[IMAGE]
[IMAGE] [IMAGE]
Andi Mann
[IMAGE]
Up front, I feel I need to make a fair disclosure statement: I am a cloud skeptic.
There, I said it. I know, I know -- as an IT analyst who is focused on virtualization and data center management, I should be a booster for cloud computing like most of my peers.
However, while I try to find enthusiasm (and the benefits seem so exceptional that I really do want to believe), the more I speak to seasoned IT pros about cloud computing, especially in larger enterprises, the more I hear it dismissed as an overhyped fantasy that fails to accommodate how IT actually works. In this article, I'll cover why I agree with the naysayers of cloud computing; especially when it comes to security and compliance.
Security issues in cloud computing environments
Within the enterprise and on the visible systems, most organizations pay extraordinary attention and devote considerable resources to IT security. Entire teams maintain strict granular identity and access controls. Production data is not mixed with testing data, customer access is not mixed with developer access, and sensitive workloads are kept separate from open or promiscuous applications. Security patches are kept up to date, configurations are monitored for breaches, workarounds are applied for zero-day threats and malware detection systems are constantly updated. Virtual images, hard drives and backups are encrypted and password-protected.
All of these activities are very particular to differences in platforms, applications, release levels, versions and other infrastructure details. In the cloud, where such details are supposedly irrelevant, who takes care of the intricacies of security management? How can enterprises be sure that cloud providers -- especially external providers -- are staying up to par as much as they should with patches, updates, workarounds, access restrict...
To continue reading for free, register below or login
To read more you must become a member of SearchCloudComputing.com
