This morning, I recorded a podcast with Keith Shaw from Network World. Our discussion was about the 5 mistakes people make when moving out into the cloud. The podcast should be available next week, but in the meantime, I thought I would share a nice analogy that Keith came up with illustrating the difference between public and private clouds.
Clouds are like swimming pools. Private clouds are like a pool in your backyard. Every pool has a fence for reasons of practicality and liability. Since this is your pool, you get to decide who is allowed to go for a dip. Sometimes there is only one person in the pool; sometimes there’s ten—but anybody going for a swim is your responsibility. Each day you add chlorine and keep up with the cleaning. But more likely, you hire someone to do this for you.
Public clouds are like public pools. Someone else—probably the city—builds the pool and maintains it. Anyone who can pay the admission is welcome, as long as they agree to follow a few simple rules. There are lifeguards to watch over you and your kids, and you trust the pool management has checked them out to make sure they are trustworthy and posses the proper credentials. Often the public pool is crowded, and there is this annoying fat kid that keeps doing cannonballs close to where you are swimming, but overall it provides good value. True, once you came home with a strange itch, but the local public pool is certainly cheaper and a lot less work than maintaining your own.
It’s just too bad they don’t serve daiquiris.
Last month during the RSA show, I met with Rob Westervelt from ITKnowledgeExchange in the Starbucks across from Moscone Center. Rob recorded our discussion about the challenges of security in the cloud and turned this into a podcast. I’m quite pleased with the results. You can pick up a little Miles Davis in the background, the odd note of an espresso being drawn. Alison thinks that I sound very NPR. Having been raised on CBC Radio, I take this as a great compliment.
Pour yourself a coffee and have a listen.
I recently had a great, freewheeling discussion with Daniel Raskin, Sun’s Chief Identity Strategist. Daniel runs the Identity Buzz podcasts. We talked about issues in identity and entitlement enforcement in SOA, compliance, and the problems you run into as you move into new environments like the cloud.
Daniel’s post about our podcast is on his blog.
You can download the podcast directly right here.
I had a great discussion with Mike Vizard of CTOEdge the other day about how to secure the cloud. I was joking with Mike afterward that I had tried to avoid delivering any overt vendor message because this is such an important topic. Nevertheless, some SecureSpan specific features had leaked into the discussion. He thought that I had actually done better than most: it turns out I was 18 minutes into it before I slipped into vendor-speak.
You can judge for yourself. Listen to the podcast here.
I did a podcast recently with Mike Vizard of eWeek. Mike had some excellent questions around all the issues is managing identity and trust relationships in the cloud. This is one of those under-reported issues around cloud computing. Security always comes down to trust, and this is going to be the significant issue business faces as it moves applications out of it’s corporate network.
Listen to it here.