3 min read

Practical Analysis: Are We Sure This Isn't Clouded Judgment?

As enticing as cloud computing is, it doesn't change the rules of the game, which call for careful and thoughtful data management.
We do love the term "du jour," and by "we" I mean the media, including analysts and journalists. Now the term du jour is cloud computing. Just as service-oriented architecture is falling out of favor with some notable analysts, the same group starts pumping up the cloud, and the private cloud (see this issue's cover story, p. 27), and the hybrid cloud. And what comes from each kind of cloud? Services, of course. I guess if that dog don't hunt, you just shave his butt and teach him to walk backward.

Thing is, he probably still won't hunt.

The problem that comes with latching onto the term of the day is that it's always the case that the term's inventors are cheerleaders for a concept -- no equivocation. That all-or-nothing approach, however, stands in stark contrast to everything we know about how information technology progresses. As cool and empowering as the personal computer was in 1983, one of its original main uses was to act as a terminal back to mini-computers and mainframes. Tim Berners-Lee conceived of the Web in 1989, but it took a full decade for it to become transformative -- and then lead to the tech bubble. Storage virtualization is now in its third incarnation, and you can still hear a good portion of the IT universe yawning. I could go on and on.

The hype around cloud-this and cloud-that is just as bloviated as any that's surrounded a new technology approach. We'll all be running our data centers in Elastic Compute Cloud in a matter of months -- never mind that Amazon needs your credit card for EC2 use. A corporate purchase order? What's that? It's Amazon, after all.

What stands in the way of cloud computing, or anything else that presupposes the homogenization of data and the processing of it, is data security. Security pros are quickly coming to the conclusion that securing systems is an outmoded concept, and that securing data, and knowing how it's operated upon and who's doing the operating, are better goals. So if Amazon can't take your purchase order, what chance do you suppose it has of telling you who accessed your data and what they did with it, let alone where it was done and who else had access to the same systems?

I'm a great fan of the notion of pooled resources being allocated to tasks as they present themselves, but at the same time, security architects are strongly favoring the notion of segregating systems based on the criticality of their data and whether that data is subject to regulatory scrutiny.

That's where the cloud enthusiasts are flummoxed. Classification of data and the ability to track how it's been used is becoming a central concept. Good IT security and no amount of hand waving changes that. Cloud vendors want to offer you simplicity, and while that makes sense in some instances, IT's job of both securing data and making it usable for the business is just as complex as it ever was, regardless of which end of the dog you're looking at.

Art Wittmann is director of InformationWeek Analytics. Write to him at [email protected].

To find out more about Art Wittmann, please visit his page.

Register to see all reports at