I am sworn to the Chatham House Rule on this, so the names, titles and place of the following dialog about cloud computing security must remain a secret. The only thing I can say is that it occurred at a recent gathering of local IT executives.
Both gentlemen work in the high-tech space. The discussion begins when the first executive (let's call him "the first guy") starts talking about his company's use of cloud computing.
The second executive (let's call him "the second guy") stops him and says he's not sure what a private cloud is, compared with a public cloud. In my mind I am thinking:
Validation No. 1: The hype coming from technology vendors about this or that type of cloud computing can be confusing to more than just the average journalist.
The first guy neatly breaks down the distinctions between a public and a private cloud -- firewalled-off sections of a data center, and in some cases, separate server boxes -- but offers that public cloud security concerns are overblown and that his company has been using Amazon.com's Elastic Compute Cloud Web services for several years. He goes on to describe how his company's use of the cloud involves its independent software vendors testing applications. This is one of the first uses of cloud and is still the most common, he says.
Yes, says the second guy, (and now I'm paraphrasing) but isn't there value in the intellectual property of the application software assets in the cloud that's being put at risk? The second guy goes on to discuss the recently discovered Flame malware, whose sophistication points to state-sponsored terrorism or corporate espionage; he concludes that nothing is really secure.
True, the first guy agrees, and he recounts a story from earlier in his career at a company where he was in charge of IT security. At one point, he brought several serious issues before the chief executive, who shrugged them off.
Validations No. 2 and No. 3: Despite the trend where IT executives' efforts lean more toward the business, innovation, transformation and the like, their first and last worry will always be about security. And despite being under constant threat from cybercriminals, chief executives don't care enough about security. The costs of security will always outweigh the cost of the breach.
Yes, says the second guy, but what if you are a software company whose value is tied up in the intellectual property of the software assets situated in the cloud? How much would you say is the value of those assets? Probably the market capitalization of the company, right?
More about technology innovation
Right, says the first guy, and shrugs.
Right, says the second guy, and shrugs.
We sip coffee.
Validation No. 4: IT executives know a lot more about business and finance than most people give them credit for.
Let us know what you think about the story; email Scot Petersen, Editorial Director.