Will the real cloud security please stand up?

I have attended a number of tradeshows through the first half of 2012, and it's clear to me that many people still don't understand the difference between real Cloud solutions, and products that merely connect to the Internet. It's equally clear that many vendors are actively confusing the market.
Let's begin by reminding ourselves what the Cloud is all about. At a bare minimum, "Cloud" unequivocally implies "hosted". You can check this with the US National Institute of Technology and Standards. They have published the most widely accepted and universally referenced definitions of Cloud technology (NIST SP 800-145), and every one of them includes the concept of hosting.

In practical terms, this key definition excludes systems that merely support connections to the Internet for remote access. Think about it: if remote access equals Cloud were true, your PC from 1995 with an AOL account would have qualified as a "Cloud system". In our industry, IP-based security products connected to the Internet solve many important problems, but they are not Cloud products in and of themselves. Saying otherwise is confusing and a disservice to our customers.

A common offender in this regard is the new breed of IP security appliances - not the products, but the marketing. Let me state that I fully believe there is an important niche for products with an appliance architecture. For end users who simply can't wrap their heads around the Cloud, it's a comfortable alternative to the complexity and expense of legacy server designs. But making the leap from a local device that can be remotely accessed through holes in the customer firewall to saying this is a "Cloud based system" is a big stretch indeed.

A second point of distinction: simply moving a software application from a local server to a 3rd party data centre does not make it a Cloud application. It is commonly accepted that Cloud systems are defined by multi-tenancy, metered usage, rapid provisioning, and massive scalability. Think about it this way, if you have a server with an old application architecture, and you move it 1,000 miles to someone else's data centre, have you transformed it into a Cloud application? No. You're just playing hide-the-server. And it won't magically support thousands of end user organisations (scalable, multi-tenancy) or suddenly be any faster for new users to provision.

Common offenders I witnessed at recent tradeshows were typically old-line software systems that needed a fresh coat of virtual paint to get ready for the ball.I mean show. In one of the worst examples I saw this spring, one company claimed to be offering a security system "using Cloud-based protocols". Uh - that's just good old IP. While I have to credit their PR agency for working the term "Cloud" into their press release, it turns out that this was just an old-fashioned case of remote access. As much as anything else, these types of headlines indicate just how hungry marketing departments are to force the word "Cloud" into their publicity and literature. It's no wonder customers are confused.

So, where are the real Cloud applications? By category, the biggest emerging group is in video surveillance, variously known as hosted video or Video Software as a Service (VSaaS). Many of these are true Cloud applications because they are: a) hosted, b) multi-tenant, supporting numerous customers in a single instance, c) massively scalable, and d) sold per-camera-per-month as a metered service. There were many of these at the shows I attended and this whole area of the industry is still shaping up in terms of pricing, features, and market fit.

My hope is that as customers become better educated about the Cloud, we will see less misapplication of term. Remember: it is our job as providers to demonstrate leadership and help them along. For further clarification on the definition of the Cloud, we have made a short, informative and entertaining video:

Product Suppliers
Back to top