Locking-Up ‘The Cloud’— A Short Article on Cloud and Cloud Security

Where is the Cloud? Is there security in The Cloud?? These are two of the questions for which SSR has been trying to find answers. As Technologists who are also Executive Recruiters, we try not only to place people at the best companies, but also evaluate newer and emerging technologies. Cloud has been the "buzz” for quite some time. Simply put, Cloud Computing is off-loading your physical computing resources to a service provider which reduces your cost exposure to fees for only the time and capacity you utilize. In other words, a totally elastic method of billing, so you only pay for what you use over the period that actually you use it.


In order to take full advantage of the cost benefits, organizations must have applications and data infrastructure that have been architected for Cloud environments. For the enterprise, virtualization and service oriented architecture (SOA) are the first steps. But for many Independent Software Vendors (ISV's) who are grappling with how to manage their clients as-well-as security of their client's information in The Cloud, a true SaaS delivery model becomes essential. We’ve been working with industry luminaries to find solutions to these questions, and have some initial comments.

For the ISV, as the migration to the Cloud and SaaS is initialized, it is essential find a partner that can take the existing applications and "re-architect" them to be "SaaS Compatible" in a cost effective, secure and safe manner. Be certain to insure that the firm you hire is not connected to a dedicated hosting provider, or you may be stuck with an application that is either bound to proprietary technology or can’t be moved or both. ISV's will want the option to host their application anywhere, and if a SaaS is truly the goal, multi tenancy offers the lowest total cost of delivery and many security advantages.

As Cloud Security becomes a greater concern, it’s extremely important to conduct a full security audit on your implementation, once the applications are running in the Cloud environment. This should be done at least twice a year, but ideally, once a quarter. Cyber-threats are becoming commonplace and Cloud Providers, including Force.com and Amazon Web Services have already been hit. While there are no standards for Cloud Security, there are many recommendations. We believe in the next six months, some specific standards for Cloud Security will be adopted. SSR sees this space as "hot" to watch in 2010.