Cloud computing companies have invested heavily in security, but the ladder to the cloud is outside of their control, and that's where the bad guys hang out.
Cloud Computing's Security Imperative
There was a time when cloud computing was a novel concept, but now almost every organization uses some form of cloud computing.
The phrase itself dates back to 1996 and is credited by many to a handful of executives at Compaq Computer who were creating a product roadmap for Compaq's Internet business.
As it gained momentum, a major concern about cloud computing was whether it was secure or not.
Even as recently as 2009, just five years after cloud computing company and poster child Salesforce.com went public, people were writing things like this: "Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, Cloud Computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy."
Needless to say, everybody involved in cloud computing rallied to make their clouds more secure.
And, of course, the cloud computing providers themselves were the logical group to make cloud computing secure.
Indeed, in an advisory document regarding Cloud Security Considerations, the National Security Agency recognizing the importance of cloud security to national security, wrote that "the cloud provider is best postured for providing fine grain security controls since, in general, the complexity of security is much higher in a cloud environment where the data is distributed over a larger area and greater number of devices. "
So, cloud computing companies upped their security efforts.
They hired an army of cybersecurity experts and focused on authentication, authorization, availability, confidentiality, identity, integrity, separation of duties, audit, security monitoring, risk assessment, active security defense, incident response, and security policy management.
There's Only One Problem
As a result of all of this investment, the cloud computing castle is now ostensibly very secure.
The problem -- and it's a huge problem -- is that the roads that lead to the cloud computing castle are still incredibly dangerous.
Think about it. If your organization uses the cloud, how do you access the cloud?
For almost all of us (the exception is discussed below), the public Internet is our road to the cloud.
All of our proprietary data assets that ultimately get to the highly secure cloud must first pass through the highly unsecure Internet -- and, not surprisingly, that's where you get robbed, on the way to the now-very-secure world of cloud computing.
Fixing Cloud Computing's Gaping Security Hole
The only solution to this problem comes from a number of startup companies who have created private access channels to the public internet.
By partnering with these firms, companies can bypass the public Internet and directly connect to a global ecosystem of cloud infrastructure providers, SaaS providers and other business-critical partners.
Each of these arrival points in the cloud must be willing to allow access to their systems via the private roads, which creates a chicken-and-egg startup problem for the companies backing private access. If their private roads don't go to all the right places, nobody will use them. But if nobody is using them, why would folks like Amazon Web Services, LinkedIn and others open their doors to let people in via those private roads?
Still, the problem is big enough that these startup leaders will likely get enough support to eliminate what is truly a massive security gap in cloud computing.
You Choose: Armored Car Escort or Dangerous Public Highway?
I think of it like this. Right now, most cloud computing companies are asking their customers to drive on a very dangerous public road filled with criminals and loaded with risk.
The startups in this space are effectively saying "Don't drive on that crime-infested public road. Come over to this highly secure private road where I've got an armored car that will escort you to your cloud computing provider's castle."
Brilliant -- and highly likely to succeed. Companies will want this, and security-obsessed cloud computing providers will have to have it.
My take? The tipping point for this new industry is a "when", not an "if."
Our small business news site is packed with breaking news for small business startups and entrepreneurs. Find helpful entrepreneur resources about small business management, financing, marketing & technology.