We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Security remains a top concern for cloud app builders

Amazon, IBM, Rackspace reps debate cloud security and availability, along with use of SQL and database connectivity in the cloud at ZendCon

Security, cited as an issue with cloud computing when the concept began to take hold several years ago, remains a pivotal concern for developers, an IBM official stressed on Wednesday afternoon.

Executives from IBM and Amazon sparred over the degree of security issues pertinent to cloud computing during a conference panel session at the ZendCon 2011 event in Santa Clara, Calif. Transitioning from a dedicated facilities to a shared environment in the cloud means developers must build proper security in their applications, said Mac Devine, IBM Distinguished Engineer. Developers cannot assume the public cloud provider will secure everything, he warned: "You can't depend on the fact that, 'OK, nobody can get behind my firewall.'"

[ Also on InfoWorld: Gartner cites private clouds as a last resort for enterprises. | Download InfoWorld's Cloud Security Deep Dive for advice and best practices on protecting your data in the cloud. ]

"You need to be thinking differently. It's a shared environment," he said. Risk comes with the collaboration enabled by the cloud, Devine added.

But Jeff Barr, senior Web services evangelist at cloud provider Amazon Web Services, shot back, "I do agree that you need to worry about security, but you also have to realize that you do get effectively infrastructure that has a lot of [a security focus] already built into it." Instead, developers need to worry about application-level security, Barr said.

Security and availability are probably the top two priorities at Amazon, Barr asserted. Amazon has security certifications such as ISO 27001 and SAS 70, he said, adding that large-scale cloud providers can make expensive, long-term investments in security that others cannot. Devine noted a cloud infrastructure provider can offer regulatory compliance and operational security. In some cases, clouds have more security than on-premises systems, he said.

Panelists also debated use of SQL and database connectivity in clouds. SQL as a design pattern for storage "is not ideal for cloud applications," said Adrian Otto, senior technical strategist for Rackspace Cloud. Afterward, he described SQL issues as "typically the No. 1 bottleneck" to elasticity in the cloud. With elasticity, applications use more or fewer application servers based on demand. Otto recommended that developers who want elasticity should have a decentralized data model that scales horizontally. "SQL itself isn't the problem. The problem is row-oriented data in an application," which causes performance bottlenecks, said Otto.

Developers, Barr said, should not get attached to individual resources in a cloud: "You need to think of them as essentially transient and replaceable." An audience member raised the issue of inconsistent I/O in the cloud. Barr, while declining to make any announcements, hinted Amazon was working on something in this vein. "We're always trying to make everything better. How about that?"

This article, "Security remains a top concern for cloud app builders," was originally published at InfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter. For the latest business technology news, follow InfoWorld on Twitter.

Read more about cloud computing in InfoWorld's Cloud Computing Channel.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia