informa
Commentary

Cloud Security

Making use of cloud computing resources like Google's App Engine, or Salesforce.com, or Amazon S3, while all the rage, still makes some folks nervous. In particular, heads of enterprise development organizations who feel the need to tell their developers, "Nah-ah. Unless it's behind our firewall, you can't use it."
Making use of cloud computing resources like Google's App Engine, or Salesforce.com, or Amazon S3, while all the rage, still makes some folks nervous. In particular, heads of enterprise development organizations who feel the need to tell their developers, "Nah-ah. Unless it's behind our firewall, you can't use it."

At the Google I/O conference yesterday, I got to ask Vic Gundotra, their VP of developer programs, if nervousness over security issues in cloud computing were paranoid, or justified. His answer was insightful:

"There was a time when the thought that your local bank would be transferring your money around the world across networks was unthinkable. But the banking industry earned our trust. The same sort of trust will have to develop with cloud resources."

Now, he didn't say there weren't security issues, just that dealing with them sensibly is all bound up in that "earning the trust" issue. I'm curious as to how many of you out there have faced organizational resistance to using cloud compute resources (due to security concerns or anything else). What do you see as the unique security challenges with this sort of highly connected form of development? 

Recommended Reading: