re: Top 12 Cloud Trends Of 2012
Cloud = mainframe. We are going backwards with new buzzwords. All these years coding for distributed servers and we are going back to consolidated operating systems with multiple cores. Mainframes - yay - I used to work on them. At least with mainframes you had the option to keep your data in house behind your own protection. With the cloud anyone can take a crack at it. Today companies like verisign are being hacked daily and they are supposed to be trust authorities. How safe do you think your data will be on a mainframe (sorry, cloud) that is accessible by millions of people. When anon get a hold of an administrator password it will not matter how compartmentalized your data is. At least when you are behind hardline firewalls your are not subject to random hacks "I pick you pikachu". The hackers have to be in the same geographical location, have access to your hard lines, have the technical ability to both hack your comms and hack your encryption (a rare combination). For any company where every transaction means money (Banks, stock exchanges, clearing houses etc.) doing business in the cloud is clear insanity. For music stores and book sales, go for it. It saves a lot on infrastructure costs. Shared mainframe time. Also if a music store goes down it means 10,000 people out of a job, not an entire bank and all of it's investors out of their homes. Also don't trot out the adage that the data is encrypted, everyone knows that the data cannot be attacked directly. They attack the people with the passwords to the data. Key loggers etc. It takes one little mistake in the wee hours of the morning when you are half awake to accidentally load a key logger. One person in your trust chain gets compromised and you may as well not have encryption. Why? Because encryption keys should be cycled. But they aren't. They are normally hard coded, because they are a pain to change. All it takes is one annoyed exeployee and you may as well be sending clear text. DES has been compromised. MD5 look up sum tables are prevalent, it may not be your password, but it ends up appearing the same to a computer due to failures in the MD5 hash algorithm. So the attacker does not need your password, he needs the sum of your password, he needs your encrypted data - and with your encrypted data he can decrypt the rest of your data. Maintaining decent solid, rapidly changing security is beyond our current programming models. The hackers are ahead of us on this one, and until we catch up there will be a lot more hacking to come.
Back on topic - I realize I deviated but i will leave it because it seriously applies to the whole 'cloud' / 'mainframe' concept. If you are a little startup by all means go cloud. If you deal in billions - I would stay away and hire a good CIO.