FCB today continues its conversation with Jeffrey M. Kaplan, Managing Director of THINKstrategies, Inc.
He gives us his insight into whether or not there will be standards for cloud worldwide, and also discussed what lessons can be learned about the cloud computing world when examining the fight between China and Google.
Jeffrey Kaplan: Standards in the technology have always been a touchy matter because there’s so many different interpretations about the way in which technology ought to be deployed, and, of course, there are a lot of proprietary politics associated with that, as well.
So, I don’t think we’re ever going to get to a point where there is a strict set of standards that govern cloud computing, but I do think that we’ll get to a point where there are a set of defacto standards which set certain parameters for how cloud computing ought to be developed and deployed in order to ensure that it is meeting the quality and reliability and security expectations of organizations.
But I don’t think you’ll find one set of standards that will play that role.
Fed Cloud Blog: [Let’s] go back a little bit and talk about security.
Some people — both in the private and public sectors — have said that one of the biggest things about moving to the cloud is that you can’t move everything. There are certain things that . . . no matter how much security you have in the cloud, you’re just not going to want to do it, for whatever reason.
In your article, you say, “If you’re still uncomfortable moving your apps, data or portion of your computing requirements to a cloud vendor you can still benefit from the growing success of this market trend.”
Explain what you mean by that.
JK: First of all, let’s step back and be honest with ourselves [about the fact] that many established organizations and data centers are not nearly as secure as we’d like them to be.
In fact, if you do a survey of the publicly announced security infractions that have occurred, you’ll find that almost all of them — and I can’t think of any involved cloud computing — but all of them have, in fact, involved traditional data center environments or laptop situations — where the laptop was either lost or stolen, and, as a result, there is some data incursion involved.
So, this says that the old way of doing things isn’t necessarily as secure as we would like it to be, either.
Therefore, I think the cloud computing alternatives deserve at least a chance to demonstrate that they could be if not as secure, even more secure.
Now, leaving that aside, there are a couple things that can still be learned from cloud computing, even if you don’t go the route of taking advantage of a third party, publicly oriented service.
Number one, there’s a growing array of private or virtual-private cloud services, where in fact you’re not really sharing resources with other organizations. Instead, you have dedicated resources that have been designed to meet your specific need and, hopefully, security that’s been enhanced as a result.
Number two, there’s a growing assortment of what are called appliance options, which are cloud-based services you can subscribe to but deploy behind your firewall.
Those services and resources are basically in a locked down configuration that you can utilize — you can’t necessarily reconfigure — but are synchronized with a service provider.
So, they sit behind your firewall and remain secure in that regard.
The final aspect of all of this just learning best practices of these cloud computing companies.
There are a growing number of government agencies and institutions who are visiting with Amazon or Google or SalesForce or even Facebook, and learning how they operate and trying to emulate their operating procedures from the point of view of system configuration, standardization, as well as development standards and simplification, so as to improve the internal operation of a data center through better automation and agility.
FCB: One final question — are there any lessons to be learned by Google versus China?
JK: There are a couple, that is, first of all each country has its own set of standards — or expectations, if you will, or customs — about what they believe are the standards for things like security, operations and transparency.
The cloud computing world is touched by that like every other aspect of commerce in society.
It’s an example of how the mores of China are influencing the evolution of cloud computing.
Tomorrow: FCB talks with new Cyber Czar Howard Schmidt.