A recent interview with Gartner analyst John Pescatore describes the key security aspects data center managers should know before adding cloud-based services to their offerings. Pescatore has 32 years of experience in computer, network and information security. He also worked at the National Security Agency and the U.S. Secret Service.
Q) What are the primary differences between cloud computing and Software as a Service (SaaS)?
A) SaaS is when you consume and pay for an application on a monthly basis. Cloud
computing represents the “infrastructure” that SaaS is built upon. Salesforce.com is an example of
SaaS, whereas Flickr.com [an online photo management and sharing application] is an example of
Storage as a Service. Flickr operates by using Amazon’s storage cloud and buying storage and
capacity from Amazon as the demand arises. Google’s services [Google apps or Gmail] are examples of
Software as a Service that are also implemented through cloud computing. Rather than using MS
Office—software you can buy on a CDROM and own rights to—you can consume word processing or e-mail
as a service through Google apps. Both businesses use cloud computing to implement their services
and therefore do not really have their own data centers.
Q) How does cloud computing make an organization more vulnerable to attacks?
A) One of the major issues is loss of control of where your data is stored. Cloud-based information
Q) How can enterprises save money with security technologies and techniques by using cloud computing? Today, using cloud-based security services is not necessarily cheaper than doing it yourself.
A) If you looked at the software licensing costs, and so on, you might pay the same amount as you did [for] email security in a cloud. You could save data center space and personnel time; however, it’s really more about reducing the total cost of ownership than strictly reducing the line item that says “email filtering.” You could put hundreds of dollars of security software on every laptop and spend lots of time trying to manage these laptops, or you could pay half that per user per year by using cloud computing. The information would flow through a cloud based security service and threats could be filtered before they reach the machine. That's what we look for in the future: that cloud-based security services will enable less expensive ways of dealing with future threats
This was first published in January 2009