Security still a top concern for cloud app builders

SAN FRANCISCO  — Security, cited as an issue with cloud computing when the concept began to take hold several years ago, remains a pivotal concern for developers, an IBM Cop. official stressed at a conference.

Executives from IBM and Amazon sparred over the degree of security issues pertinent to cloud computing during a panel  Wednesday at ZendCon 2011 in Santa Clara, Calif. Transitioning from a dedicated facilities to a shared environment in the cloud means developers must build proper security in their applications, said Mac Devine, IBM Distinguished Engineer. Developers cannot assume the public cloud provider will secure everything, he warned: “You can’t depend on the fact that, ‘OK, nobody can get behind my firewall.'”

“You need to be thinking differently. It’s a shared environment,” he said. Risk comes with the collaboration enabled by the cloud, Devine added.

But Jeff Barr, senior Web services evangelist at cloud provider Amazon Web Services, shot back, “I do agree that you need to worry about security, but you also have to realize that you do get effectively infrastructure that has a lot of [a security focus] already built into it.” Instead, developers need to worry about application-level security, Barr said.

Security and availability are probably the top two priorities at Amazon, Barr asserted. Amazon has security certifications such as ISO 27001 and SAS 70, he said, adding that large-scale cloud providers can make expensive, long-term investments in security that others cannot. Devine noted a cloud infrastructure provider can offer regulatory compliance and operational security. In some cases, clouds have more security than on-premises systems, he said.

Panelists also debated use of SQL and database connectivity in clouds. SQL as a design pattern for storage “is not ideal for cloud applications,” said Adrian Otto, senior technical strategist for Rackspace Cloud. Afterward, he described SQL issues as “typically the No. 1 bottleneck” to elasticity in the cloud. With elasticity, applications use more or fewer application servers based on demand. Otto recommended that developers who want elasticity should have a decentralized data model that scales horizontally. “SQL itself isn’t the problem. The problem is row-oriented data in an application,” which causes performance bottlenecks, said Otto.

Developers, Barr said, should not get attached to individual resources in a cloud: “You need to think of them as essentially transient and replaceable.” An audience member raised the issue of inconsistent I/O in the cloud. Barr, while declining to make any announcements, hinted Amazon was working on something in this vein. “We’re always trying to make everything better. How about that?”

(From InfoWorld U.S.)

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now