April 3, 2009


by Dennis Kuntz

The more and more I hear about the cloud, the more I see the same old tired head-butting of bipolar arguments – it’s always all or nothing. This is extremely frustrating as one of the most beneficial approaches to so, so many issues is to look at all angles and create an adaptable approach. In the case of the cloud, it’ll be good for some things and not so good for others – and in each case it will take diligent effort (or at least intelligent guessing) to assess what is appropriate. Zealots just seem to miss out on so much benefit by eschewing other ideas in favor of a single one, while exposing themselves to so many risks by only embracing that one idea.

So it is with the cloud.

This blog post from IT consultant and SANS Fellow Hal Pomeranz abstracts the concept from being about “the cloud or not the cloud” to centralized vs. decentralized computing, and the storied battle between supporters of each. Here is an excerpt:

I commented that the whole Cloud Computing story felt just like another turn in the epic cycle between centralized and decentralized computing.  [Bill Schell] and I had both lived through the end of the mainframe era, into “Open Systems” on user desktops, back into centralized computing with X terminals and other “thin clients”, back out onto the desktops again with the rise of extremely powerful, extremely low cost commodity hardware, and now we’re harnessing that commodity hardware into giant centralized clusters that we’re calling “Clouds”.  It’s amazingly painful for the people whose jobs and lives are dislocated by these geologic shifts in computing practice, but the wheel keeps turning.

Personally, I’ve been coming at this cloud thing primarily from a security perspective – and I continue not liking the general idea of third parties having “control” over my data (whether it’s truly mine, someone who has my data and then hosts it on the cloud, or data for which I’m ultimately responsible). However one thing I like about Hal’s post is that he talks even more generically about the concept of “processing” instead of security specifically. In the context of Information Security and “processing” evaluating “The Cloud” on its merits for a particular situation remains the prudent order of the day – this one or any other.

Hal’s post can feel as though it’s coming through in opposition to centralized computing a la “The Cloud” – but it’s not. Its arguments are weighted in that favor simply because centralized processing is the direction du jour and I believe that he’s just trying to offer some clear-headed thinking to counter the current hype.

He ends with this:

Despite what the marketeers would have you believe, I don’t think the Cloud Computing model has proven itself to the point where there is a massive impact on the way mainstream business is doing IT.  This may happen, but then again it may not.  The IT job loss we’re seeing now has a lot more to do with the general problems in the world-wide economy than jobs being “lost to the Cloud”.  But it’s worth remembering that massive changes in computing practice do happen on a regular basis, and IT workers need to be able to read the cycles and position themselves appropriately in the job market.

Which clearly doesn’t argue for or against the cloud in principle – it merely raises a red flag against giving into the hype while also warning IT employees that they need to be responsible for their own employability regardless of which way things end up.

I could easily end this there, my point having been made, but that would do a great injustice to a great piece of art by Chris Hoff that illustrates things further. So to that end I must link to his Cloud Computing Security in Poetic Review.

Have an awesome day!

About the Author Guest Blogger

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.