Feeds

The cloud virtualization black hole

Silence is deafening

  • alert
  • submit to reddit

SANS - Survey on application security programs

Reader Workshop Last week was an interesting one for the virtualization workshop, as we turned our attention to cloud computing and the reaction has been, well, nothing. Well, that's not quite fair – the comment on Virtualization and the cloud was, "Good article. Please, I implore you to add case studies," and on Unravelling the cloud confusion was "Where's the silver lining?"

There's not much we can read into either of these points, other than saying "good idea" to the case studies thing (indeed, we often get these through your own comments, so don't hold back!) – but the overall silence was deafening. It was similar when we asked what came beyond virtualization in a previous week. Now, we don't want to spend too much time hypothesising over what does, in fact, present a gap in our knowledge – though there does seem to be a level of "just don't know" when it comes to thinking where virtualization might lead. It is interesting instead to turn our attention to another article last week about applications/data and the cloud, which did raise a hefty number of comments.

The crux of the responses (which will indicate why this is relevant) was about trust, that is indeed, whether information is any safer in the cloud than in-house. Here's a selection of responses:

Utilising a cloud service as a core business process is idiotic in the highest degree. It is just plain stupid on so many levels.
I don't trust the cloud solution - I much prefer to have it all where I can keep my finger on it.
Storing normal information on the cloud is in itself a dangerous prospect, but when you realise the majority of companies process personal data of one sort or another it becomes clear just what a compliance nightmare this really is.

It's interesting to keep this perspective in mind when we look at virtualization and the cloud. Yes, sure, the virtual machine does offer a portable bucket in which applications could run, and indeed, this bucket could notionally exist anywhere that there is accessible processor capacity. But just because it can, doesn't mean it should. Why not? There are some pretty fundamental data protection issues for a start – which are only just starting to be talked about, never mind tested in the courts. Indeed, some of the comments were questioning whether cloud-based services were in fact legal under data privacy law in some jusrisdictions.

There are also questions over the longetivity and stability of some of the newer kids on the block. And finally of course, the cloud model remains largely unproven – though hosting has been around for years, the wholesale handover of IT to what remains a series of unknown quantities would be as foolish as... oh wait a minute, that's happened before hasn't it?

Cloud computing may offer a whole bunch of benefits over existing kit, but it doesn't appear that anybody is rushing to get to the front of the stage. Perhaps this one comment says it all:

I wouldn't want to be a test case, I'd take the wait-and-watch approach for others to set precedent whilst waiting for my current tin architecture to die by attrition, just for a few more years...

In all honesty, is it any wonder that many are just getting on with things, and waiting to see what happens? After all, it's not that IT staffers are idly looking for extra things to do with their time.

Perhaps the silence shouldn't be so unexpected after all.

Top three mobile application threats

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.