Chateau Cloud ‘09, before the rains
Sometimes I just can’t help myself. No matter what I do, I get myself in trouble. For the most part I have stayed out of the whole cloud thing. I have watched on the sidelines as Hoff, Amrit and countless others have pontificated ad nausem about cloud this, virtual that, a new paradigm here, a revolution in the making there. I stayed away from the hype. To me I had been there and done that and have a bunch of worthless stock certificates to prove it. Back when StillSecure CEO Rajat Bhargava and I were getting Interliant going we were one of the early entrants in the ASP market (the cloud providers of our day). We were hosting and managing all kinds of applications, web sites and other infrastructure, including dare I say it, managed security. I have also been through my share of market hype (NAC anyone?) too and recognize much of the cloud buzz for what it is.
Today I tried to write a small commentary on what was truly a tragedy on multiple levels. One of the least levels of tragedy was what can happen when we trust our providers to store our (take your pick) – applications, data, IP, stuff – on line in a shared or virtual environment. This is why security of our cloud environments is so important. Without that security in place which allows the user to trust in the provider, the cloud will never ascend. The real tragedy of this story is that not only did 10’s of thousands of people lose their websites and data probably for good, but a young man who developed the software that was hacked felt so guilty that he apparently took his life by hanging himself. Can you imagine! When many software vendors today won’t even acknowledge some vulnerabilities this poor soul took his life. I guess its lucky Bill Gates never felt that personally responsible for any Microsoft vulnerabilities. It is not a joking matter though. Many thousands of people effected. A web hosting business in shambles and a young life snuffed out. Securing the cloud is rather minor on this scale.
But my friend Hoff (now of Cisco. Should be interesting to see what effect this may have on the blog) and Kirsh from someplace called CloudAve.com, took me to task. Evidently this was just a shared environment and to “fear monger” about the cloud being insecure was totally out of line. Chris fails to see how a “PHP script vulnerability in a virtualization management program” equates to a cloud problem. Geez I don’t know. Like I wrote in my reply, perhaps I don’t have the sophisticated palate that these gentlemen have to recognize a fine cloud when I see one. I felt like I was out on a Saturday night with some of my Boca friends when they debate the merits of this bottle of wine or that one. Hey aren’t they all just a bunch of grapes. Or better yet discussing maduro wrappers versus lighter tobacco wrappers, Dominican versus Cuban. Come on now. I had a flashback to Jim Ignatowski on the show Taxi smelling cocoa leaves to see where they were grown and when.
Maybe I will never be on the cover of Cloud Aficionado magazine, but I think most people have the same view I do. When I am talking about my stuff being kept up and off of my premises, it is up in the cloud. It doesn’t have to be fancy or sophisticated. You don’t need fancy diagrams or long winded treatises with story book names. it is really quite simple. When my stuff is up there I am getting it in the cloud. A PHP vulnerability on a shared server is not very different than a vulnerability in salesforce.com, if it means someone can gain access to salesforce and wipe out my data.
To satisfy my own curiosity I went to Wikipedia and looked up Cloud Computing. Oh now that cleared it up - NOT. There is grid computing, utility computing, SaaS, PaaS, IaaS, yada, yada, yada. I don’t know about you all, but I would bet the common man would still have a tough time distinguishing today’s cloud versus the service bureaus and time sharing on the main frames from back when I was a kid and I went to work with my Mom (yeah I am that old). I am tired of hearing about paradigm shifts (the dot com bubble, the housing bubble, now the cloud bubble). But lets leave the cloud snobishness out of it. Don’t forget that though some may sit around letting the wine breathe, enjoying a fine smoke discussing the more subtle points of a good cloud architecture, the rest of the world has to live,work and deal with this stuff everyday.