A lot of discussion about cloud computing is based on flawed logic and there was a classic example this week from the lips of HP's CEO Mark Hurd, speaking at the Gartner IT Symposium in Florida on Monday. HP's Hurd dings cloud computing, reported CNET's Stephen Shankland, while ZDNet's Larry Dignan posted under the headline, HP's Hurd: Cloud computing has its limits (especially when you face 1,000 attacks a day).
The basis of Hurd's flawed attack on cloud computing was the experience that HP itself has defending its own IT infrastructure against security intrusions: "We have 1,000 hacks a day and I can't tell you why, but they keep showing up. We wouldn't put anything material in nature outside the firewall."
So what is Hurd implying here? That reputable SaaS providers such as Salesforce.com, NetSuite and Workday don't use firewalls? [Disclosure: several are consulting clients]. Of course they do. And their customers and prospective customers test those firewalls and every other aspect of the provider's security on a daily basis. Hurd should consider himself lucky with just 1,000 hacks a day. The average cloud or SaaS provider not only has to contend with attacks from the usual threats that prowl the public Internet, they know their customers are out there trying to catch them out, too. What's more, virtually every day some or other enterprise IT team is visiting their data centers, making sure the security and other processes set out in their SAS-70 Type II certification are in force.
So when Hurd or any other company bigwig says, 'We won't put anything material outside *the* firewall,' what he actually means is, 'We won't put anything material outside *our* firewall.' It may not be as rigorously tested and continuously validated as a cloud provider's firewall, but hey, it's *my* firewall, and if it goes down, well, I only have myself to blame.
Next time someone says, 'I like the idea of SaaS or cloud, but I don't want it outside the firewall,' think carefully what that really means. Realize that your firewall is just as exposed to the Internet as any SaaS or cloud provider's firewall. It's plain illogical to suppose their firewalls are any worse than yours. In most cases, they're far superior. Do your due diligence, for sure. But don't dismiss cloud computing because of fears that, 'It's not secure.'
The only clouds that will let you down are in a category I call amateur cloud many of them operated by large enterprises and even computing giants that, like HP's CEO, believe their firewalls are better, simply because they own them.