Cloud Security and Federation

By Darryl K. Taft  |  Posted 2009-12-09 Print this article Print


Cloud Security and Federation

Taking the issue of security a little further, Feigenbaum, who said he is responsible for security for Google Apps, said, "The primary issue with security is perception. But the cloud is more secure [than traditional systems] because it was built with security in mind."

"It depends on your workload-some things you can't move to the cloud," Khalidi said.

"I agree; it's workload driven," said IBM's Hill. "I think security and SLAs [service-level agreements] are not an issue in the cloud."

"Security has a lot of layers to it," said Vogels. Security is's "Priority No. 1," he added, "because there is no finish line with security. You have to build complete processes that are secure, not just infrastructure that's secure."

The panel also agreed, for the most part, that the notion of a "federated cloud" is actually real and available today.

"The federated cloud exists today," Burton said. Salesforce interoperates with Google, Twitter, Facebook and several other cloud-based environments, he said.

Indeed, "The federated cloud is already here," said Vogels. For example, he noted, "You may use compute [services] from Microsoft and other services from other providers like At this moment, by keeping the interfaces as simple as possible, anybody can use these services."

"We feel very good about this," said Microsoft's Khalidi. "We are all collaborating and talking."

Is Federal Acquisition Ready for the Cloud?

When McClure opened the panel up to questions from the floor, one federal government IT manager asked whether the cloud providers would be willing to provide "a free and open community sandbox" for federal users to try out working in the cloud space. All the big providers said they have free trial versions of their offerings available.

Another audience concern was whether federal acquisition policy is ready for cloud computing.'s Burton played up the significance of this concern, saying, "A lot of IT is purchased as a capital expenditure, and when you switch to the cloud it's an operational expenditure."

To this, McClure, whose agency, GSA, has oversight for federal procurement, said, "We'll have multiple acquisition vehicles [available for procuring cloud services] in the government."

As with any technological change, the move to a new paradigm takes time and requires shifts in standards and requirements. On this, Intel's Rampalli said he believes "there is a need for defining or creating an open data center framework."

And on the issue of compliance with federal guidelines, HP's Donovan said: "I'd advocate a set of standards that help me to comply-a set of criteria that can be independently measured. Then we can get beyond some of these acquisition issues." 

Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel