I just read this, a tad old pre-finance-crisis, but still relevant and good article on “Gartner prediction misses today’s enterprise cloud action” when I realized it was automatically linked to my post “Enterprise cloud computing and security, the missing debate or solved” – it actually still gives me hits, nice!
The post refers to security certifications for cloud applications and it also provides a nice grouping of applications with a timeline of when the author expects the cloud to be ready to handle this type of apps.
- Low security sites such as marketing apps and batch computations on public data with public algorithms
- Massive compute jobs that use proprietary algorithms that are not super-sensitive and operate on public data.
- Super secret data and very sensitive algorithms
I certainly believe that certifications that document security and processes, and new good architectural solutions will bring us to a point where cloud-sourcing bullet three is considered ok sometime in the future, but it still comes down to the level of trust one is able to build.
If you are the owner of business critical data that is “super secret and sensitive” a certificate doesn’t help much when your competitor got hold of your customer base and attacked all your customers with their marketing machinery, but of course a certificate helps documenting and is good in the sales process.
Who knows, your data might be more secure in the cloud than in your basement server room, which is normally most certainly not certified and it will provide documentation to hide behind. To conclude, yes, I think it will help adoption.
Meanwhile, be aware of social hacking amongst your trusted security officers 😉