The term 'cloud computing' is quickly becoming a standard part of our vernacular but do security services have a place in the cloud? We have seen a handful of fundamental shifts in computing over the decades and I firmly believe that cloud computing represents a major evolution in information technology and that the evolution has only just begun. For proof of this, Google the term 'cloud computing' and see just how many news hits result. As I write this, the number is north of 4,000 and a quick scan of the headlines is like a drive through Silicon Valley - the usual suspects are everywhere. Sounds like a quick, steep climb up the hype cycle to me. The question for me is not will cloud computing stick around, but rather how quickly will it be adopted and more specifically, how must security services adapt to accommodate this paradigm shift?
Some industries have quickly adopted cloud computing while others have moved more cautiously. Google is of course a pioneer in the space, having invested heavily in the belief that the day will come when storing data in the cloud will be the de facto standard. So far their gamble seems to be paying off. Gmail (despite eternal beta status) has gone from being an interesting Hotmail competitor, to the email infrastructure leveraged by enterprises, big and small. Even Google Docs shows promise. I've gone from being a skeptic to appreciating the collaborative power of hosting apps online, especially in a world where employees are commonly separated by geography.
Privacy concerns present a challenge that must be overcome for cloud computing to enjoy broad adoption and rapid growth. That barrier is however coming down quickly. There was a time when companies wouldn't have considered housing sensitive sales data anywhere other than on the corporate LAN and today Salesforce is one of the true success stories of the cloud computing era. Reliability is the second critical challenge which must be tackled and when major players such as Google or Amazon have outages, no matter how brief, it makes headlines. This challenge however, will be solved too. When customers demand reliability and money is on the line, there is no shortage of incentive to solve such problems and solve them quickly.
So where does this leave security services? My bias is obvious and I won't hide it. I believe that security services are destined to shift from products to services. Security is a necessary evil. Banks don't hire hoards of security experts because they want to, they do so because they have to. If a reliable service were in place, which could provide an equivalent or better level of security at a lower TCO, would enterprises adopt it? I think so. While to date few such services have existed, the acceptance and adoption of cloud computing in other industries will continue to facilitate the adoption of security services in the cloud as well. The challenges will be similar for the security industry - privacy and reliability, with special emphasis on the former. The challenge is real and it has arrived. It's now up to us to solve it.