We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

The Connected Web

Phil Wainewright

HP CEO Flails Cloud with Faulty Firewall Logic

Vote 0 Votes

A lot of discussion about cloud computing is based on flawed logic and there was a classic example this week from the lips of HP's CEO Mark Hurd, speaking at the Gartner IT Symposium in Florida on Monday. HP's Hurd dings cloud computing, reported CNET's Stephen Shankland, while ZDNet's Larry Dignan posted under the headline, HP's Hurd: Cloud computing has its limits (especially when you face 1,000 attacks a day).

The basis of Hurd's flawed attack on cloud computing was the experience that HP itself has defending its own IT infrastructure against security intrusions: "We have 1,000 hacks a day and I can't tell you why, but they keep showing up. We wouldn't put anything material in nature outside the firewall."

So what is Hurd implying here? That reputable SaaS providers such as Salesforce.com, NetSuite and Workday don't use firewalls? [Disclosure: several are consulting clients]. Of course they do. And their customers and prospective customers test those firewalls and every other aspect of the provider's security on a daily basis. Hurd should consider himself lucky with just 1,000 hacks a day. The average cloud or SaaS provider not only has to contend with attacks from the usual threats that prowl the public Internet, they know their customers are out there trying to catch them out, too. What's more, virtually every day some or other enterprise IT team is visiting their data centers, making sure the security and other processes set out in their SAS-70 Type II certification are in force.

So when Hurd or any other company bigwig says, 'We won't put anything material outside *the* firewall,' what he actually means is, 'We won't put anything material outside *our* firewall.' It may not be as rigorously tested and continuously validated as a cloud provider's firewall, but hey, it's *my* firewall, and if it goes down, well, I only have myself to blame.

Next time someone says, 'I like the idea of SaaS or cloud, but I don't want it outside the firewall,' think carefully what that really means. Realize that your firewall is just as exposed to the Internet as any SaaS or cloud provider's firewall. It's plain illogical to suppose their firewalls are any worse than yours. In most cases, they're far superior. Do your due diligence, for sure. But don't dismiss cloud computing because of fears that, 'It's not secure.'

The only clouds that will let you down are in a category I call amateur cloud — many of them operated by large enterprises and even computing giants that, like HP's CEO, believe their firewalls are better, simply because they own them.



Hurd's a dope. Thanks for reminding me not to buy HP.


I agree Hurd's comments are self serving, and shortsighted. However, there is something to be said for a firewall within your control. The fact it is within your control does not make it more secure, but you know what it is. Anything outside your control is unknown. Not to pick on Salesforce, but can you guarantee they have a properly configured firewall? What makes their administrators "professional", and the HP admins "amateurs"? Without that assurance, how can we be 100% certain all data outside our firewall is safe? SAS 70 is a set of auditing standards. It helps, but it's still not without potential flaw, especially outside the period of review. I agree most big name cloud providers have well designed & effective security measure, but the fact it’s outside the control of the potential customer creates an unknown. That unknown is the real issue here, and I would argue the primary sales hurdle for all cloud service providers. How do we address this issue? Due diligence, and continue review? Perhaps a real time auditing standard? Transparent penetration audit results? A reliable, effective, and foolproof assurance method is ultimately needed.

I wonder how folks reacted when banks first offered to save cash. All along, people zealously safeguarded their hard-earned money at homes (on-premise or private cloud) and I am guessing that banks would have received lot of flak for suggesting such a preposterous scheme (public cloud). And to think that banks now use our cash to make more profits for themselves and pay us a small interest in return. Of course, there is a lock-in involved and the bank may even go bust. But we happily overlook those and enjoy the convenience and security that the banks offer us. Is Data = Dollar? Do you think history will repeat itself?

Phil Wainewright blogs about how businesses are using the Web to get better plugged into today's fast-moving, digital economy.

Phil Wainewright

Phil Wainewright specializes in on-demand services View more

Recently Commented On

Recent Webinars


    Monthly Archives