If you have been keeping up with IT headlines in any shape or form over the past year, you probably noticed that Cloud is the new hot topic in IT. However, if you look a bit closer, what you may not have noticed is that a good portion of the discussion around Cloud nowadays has shifted away from the core functionality, such as rapid provisioning of servers and applications, and more towards issues of on-going maintenance, security, and compliance of Cloud infrastructure. For example, lets take a look at some of the recent headlines these days:
- Amazon EC2 Achieves PCI Certification (December 14, 2010)
- Microsoft Cloud gets FISMA Certification and USDA contract (December 15, 2010)
- Google Apps gets FISMA Certification and GSA contract (December 2, 2010)
- CIO Magazine’s article on 5 Cloud Security Trends for 2011 (December 16, 2010)
Amazon realizes that one of the major hurdles of cloud services is to overcome it’s stigma of being purely suited for development and test environments and to give assurances to customers that cloud infrastructure can be used to operate core functions of the business such as payment processing. Amazon’s efforts towards certification have resulted in one additional step towards that assurance.
Meanwhile, in the public sector, Google and Microsoft have been in a heated battle for cloud business from the US government. Google announced that their Apps service obtained FISMA certification about 6 months ago with a contract awarded to them not long thereafter, over Microsoft, from the United States General Services Administration. Microsoft finally retorted recently by announcing its own FISMA certification and contract with the USDA.
From these recent headlines, it’s apparent that the on-going management, security, and compliance of cloud services are starting to really become the core around how cloud service providers differentiate their services from others. It is no longer just about how fast you can provision servers and applications and is instead becoming more about what assurances you can provide during the lifetime of that server or application. This has become the new standard for cloud services. Because of this, when building out new cloud infrastructure, cloud service providers can no longer think of security and compliance of the solutions as an afterthought. Cloud service providers who implement integrated solutions that can not only provision new servers and applications but can also provide all the required assurances (i.e. security, compliance, monitoring) during the lifetime of the service will be the ones who remain competitive.