Editor’s note: This is the 20th article in the “Real Words or Buzzwords?” series from SecurityInfoWatch.com contributor Ray Bernard about how real words can become empty words and stifle technology progress.
This article is about what the arrival of serverless computing should mean to physical security industry stakeholders. The previous article explored the technical aspects of serverless computing. Now, we’ll approach the topic from a higher-level viewpoint.
I’m repeating the definition of cloud computing by Kunjan Dalal, founder and CEO of AuroSys Solutions LLC, that I presented at the start of the first Serverless Computing article, because it properly frames the most important aspect of serverless computing: virtualization. Dalal stated: “Cloud computing is an internet based technology model that allows users to instantly access, manage and deploy large shared, virtual computing resources.”
What Does Virtual Mean?
Thanks to the evolution of computing, the word “virtual” is now being used in a way that has never been able to be used before. Prior to computers as we know them, “virtual” was defined this way according to the English Oxford Living Dictionaries:
1. almost or nearly as described, but not completely or according to strict definition.
synonyms: effective, in effect, near, near enough, essential, practical, to all intents and purposes
Virtual computing originally referred to using software to mimic the functions of computing hardware (a “virtual” machine). A computer operating system and its applications wouldn’t “know” they were running on software instead of running directly on computing hardware. At first, running an operating system and applications in a virtual machine wasn’t as fast as running it directly on the hardware, and there were also a few other limitations being that the virtual machine actually wasn’t hardware.
However, as computing hardware became faster and faster, and because computer chipsets were then given special features to specifically support high-speed virtual machine computing, something happened that has drastically and permanently changed the world of computing: Virtual computers became better than the computers they originally imitated.
Thus, the virtual devices in our smartphones, like cameras, light meters, movie screens, GPS navigators and so on, are more popular than the original devices. The virtual versions cost less, are more convenient, and can go with us anywhere. They have “virtues” that their original counterparts could never possess. The idea that virtual can be better goes far beyond the original meaning of the word “virtual.”
So, it should be no surprise that the Google graph of word usage for “virtual,” for the past two hundred years, shows a huge spike in the last two decades. This is because now, most uses of the word virtual refer to virtual computing.
The Reasons for Serverless Computing
Virtualization separates functionality from the physical constraints imposed by the machine or device that originally provided that functionality. Thus, the functionality becomes more useful, more available, more sharable, more powerful, more flexible, more scalable and perhaps more importantly – more affordable at scale. Being more affordable at scale is just the opposite of non-virtual machines. Virtual machines can be created, run, managed and deleted electronically, and of course physical machines can’t be. Yes, there are physical machines underlying the virtual machines, but the complexities of computing have moved out of the physical machines and into the virtual machines—where for the first time they can be managed at scale.
Computing is evolving towards Internet scale.
To do that, computing must leave behind the server form factor, which was imposed on it because the predominant computer machine has, until very recently, been the server. Servers made data centers and Internet computing possible, but to scale up for enterprise needs and the Internet—virtual machines were required. Virtual servers further accelerated the expansion of the Internet and the World Wide Web. Now—they are holding it back. Hence the rise of serverless computing, which removes unneeded server-design constraints from virtual computing resources.
But the evolution of cloud data center computing isn’t likely to stop there. Computing hardware itself no longer needs to conform to the traditional server form factor—because virtual computing doesn’t need it. What virtual computing does need is high-performance pools of computing, storage, and networking resources. But there is no requirement for those to be packaged up in the traditional server form factor.
Now that legacy constraints are being removed from the computing hardware base underlying cloud computing, computing and networking is poised to evolve even more dramatically.
Implications for Physical Security
Unfortunately, the full spectrum of security threats is enabled by the computing and networking advances that are generally available. Physical security threats are IT-enabled, and what we used to call the “blended threat” (physical plus IT) is no longer an exception, it’s a permanent situation of increasingly enabled threat actors. This means that electronic security systems, including cloud offerings, must a) keep pace with the general advances in computing technology, and b) use information technology capabilities to more effectively enable end-users of physical security technology to the maximum extent possible.
This has implications for those of us working on the forefront of physical security industry technology. Wait a minute—isn’t that most security industry companies? Or if it isn’t, shouldn’t it be?
The arrival of serverless computing is just one of the many technology advancements occurring in the changing IoT landscape that physical security technology is a part of. Unfortunately, we’re not yet the best part of it, or even one of the better parts of it, especially regarding cybersecurity. But we could be, and there is no reason not to be. For that to happen, physical security industry companies must do three things:
- Rapidly get current in their understanding of information technology, including cloud computing.
- Fully adopt IT practices relating to the development, deployment and management of security products and system.
- Expand the scope of technology standards, and set higher standards of practice, for physical security industry products and services.
For many industry companies, this means getting active (or more active) in the work of the Security Industry Association (SIA) committees and working groups for standards and education. SIA is a much more advanced organization than it was just five years ago, and it needs to accelerate that forward progress even more—which requires very active participation by security industry companies.
Consultants and integrators must keep looking closely at the technological maturity of security industry companies, and their participation in advancing industry initiatives. The learning and knowledge sharing that occurs puts participating companies in the strongest position to advance their own products and services.
Given the emergence of as-a-service offerings, which is the inevitable technology trend, consultant and integrator knowledge of industry companies is especially critical. There is no other way to assure we can identify the best technologies and services that match the risk mitigation needs and technical infrastructure requirements of customers, who are counting on us to do just that.
About the Author:
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.