Wednesday 30 September 2009

Are Clouds Compliant?

Today I was part of a panel where we debated whether Clouds are compliant. The session was part of the BrightTalk online Cloud Computing Summit and was hosted by Peter Judge, UK Editor, eWeek Europe. I was joined by IBM's James Rendall, and Paul Roberts of The 451 Group and we participated in a lively session.

The questions we worked through were:
Q1. Do you trust the cloud?
Q2. Are clouds compliant?
Q3. Is compliant a barrier to adoption?
Q4. How should we make clouds compliant?

There was online polling of the audience with clear majority responses being as follows: Q1 – No; Q2 -No, and Q3 - Yes.

Question 4 was the most interesting for me. We actually debated two courses of action. First, "Change clouds to accommodate regulation". Alternatively, "Change regulations to accommodate clouds". A cheeky 25% of the audience voted for the latter! This is like raising the speed limit on the roads because it is impossible to stop motorists from speeding. Is this a good idea?

I cynically pointed out that the underlying context is not peculiar to cloud -- and is commonly observed in other computing architectures. IT is a business enabler – and businesses want to make profits. Once a profit making system is in place, it is only then that organizations get concerned about compliance and security issues. Alas, the elasticity and remote nature of cloud infrastructures make retro-fitting security devices (e.g. firewalls) nearly impossible. The only way to achieve the retrofitting of security into the cloud is if you can make the security technology ‘cloud hostable’ and have it inserted seamlessly into the underlying fabric. Perhaps a DataWall for the cloud – watch this space.