Myths of the cloud

Understanding the characteristics of true hosted solutions and why it matters

As a technology that promises to lower total cost of ownership, real cloud computing must deliver savings. Hide the server can never do that.

The "Cloud-Based Protocols" Deception

Many old-line software systems vendors are desperate to shoehorn "cloud" into their marketing literature. You can’t blame them. If it was 100 years ago and I had to sell wagons against automobiles, you can be sure I’d find a way to use the term "horseless carriage" in my pitch. 

In one of the most egregious abuses of the term, there are systems vendors who are covered by the media as cloud companies because they claim to use "cloud-based protocols." You might as well claim to be an electric company because your products use electricity.

I applaud their PR agency for working "cloud" into their press release, but it turns out this is just a case of old-fashioned remote access.

Citing "cloud-based protocols" leads users to a situation that sums up everything we’ve outlined so far: single-tenant applications that are usually hidden remotely as "private clouds" in a data center that has not been qualified or audited.

How to Recognize a Real Cloud

So, how do you recognize the real thing? Let’s go back to the impartial definitions NIST wrote several years ago:

  • On-Demand Self-Service. You can obtain services, or expand existing services, without talking to a human and going through a big provisioning process. This is a good litmus test for determining if an application uses multi-tenancy and a real data center. On-demand self-service is usually only possible with multi-tenant applications designed to serve large populations efficiently.
  • Measured Service. You pay only for what you are using; say, per camera, per door, or per alarm point in the case of traditional physical security. This functions as good protection against “hide the server” and “private cloud ready” types of claims because there’s no way you can buy services from those architectures “by the drink”. Instead, you’ll see charges for the server, or a virtual machine, or storage, or a license—not something you can directly relate to the actual business of security.
  • Resource Pooling.  Sharing a common infrastructure across all customers for maximum economic and computing efficiency. You’ll be able to recognize resource pooling if you are logging into the same system (web address) as everyone else who uses the service. This indicates the vendor is using a true multi-tenant architecture and that you’ll get the benefits of a real cloud design.

The cloud is here to stay, and it offers security buyers numerous advantages over traditional solutions -but only when it’s the real cloud.