As I begin to write what will be a three part series of postings, I must point out some facts.  First, I work for IBM Corp providing strategy and thought leadership.  This is relevant because IBM is a provider of Cloud Computing services, and I do not want anyone to think that I am merely creating an IBM commercial.  Far from it; my job, thought leadership, is actually “outside” of more conventional business development.  This means that I am encouraged, no, directed actually, to think independently as to what may be best practices in the cyber realm, even if it does not involve IBM products or services.  That said, what I provide here on Security Debrief is solely my opinion and is not necessarily the corporate position of my employer.

Many things drive best practices in cyber.  Obviously, technological capabilities are a major factor.  The economics of running a business or government enterprise is another, particularly during tougher economic times.  A big draw for some is the attractiveness of innovation and the desire to be an “early user.”  Leaders like to be out in front of the curve.  There is also the need for computing power at peak times, and the requirement for flexibility at cost effective rates.

All of these aspects will push businesses and governments toward this newest wave in IT – cloud computing.  This series will explore the validity of the cloud concept, identify its strengths, look at some of its potential problems, and raise some issues that potential users need to understand and hopefully resolve prior to embarking on this journey.

What is cloud computing?  Some call it nothing but a fad, and a dangerous one at that.  Others believe it is the next big paradigm shift for technology.  As with any major transformation, there are numerous nuances and definitions for cloud computing.  Basically, cloud computing is a new model for delivery and consumption of IT and business services.  It includes on demand self service, ubiquitous network connectivity and access, resource pooling independent of location, rapid provisioning and complete elasticity of services, and efficient pay – per – use arrangements.  At one end, everything is kept somewhere besides your actual terminal or device: data, applications, security, support, and a lot more.  There are also less robust versions where only certain parts of the IT system are “in the cloud,” and still other arrangements where the cloud is private, and services only your enterprise.  We will look more closely at all of these possibilities.

The promise of Cloud Computing is phenomenal.  It will provide enormous computing power to everyone, regardless of the size of their enterprise, even to individuals.  It will do this while being environmentally friendly, and drastically improving space usage in today’s Smarter cities.  This promise however, runs directly into great concerns about individual privacy and proprietary data protection, as well as the creation of large, lucrative targets, the loss of which could carry unacceptable risk to our critical infrastructure.  These seemingly irreconcilable issues must be addressed as we move forward.  The really exciting part of all this is its practicality and potential usefulness in the workplace, if we can trust it.  In the next post, we will look at the positive effects cloud computing can have.

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More