Executives from IBM and Amazon sparred over the degree of security issues pertinent to cloud computing during a panel Wednesday at ZendCon 2011 in Santa Clara, Calif. Transitioning from a dedicated facilities to a shared environment in the cloud means developers must build proper security in their applications, said Mac Devine, IBM Distinguished Engineer. Developers cannot assume the public cloud provider will secure everything, he warned: “You can’t depend on the fact that, ‘OK, nobody can get behind my firewall.'”
“You need to be thinking differently. It’s a shared environment,” he said. Risk comes with the collaboration enabled by the cloud, Devine added.
But Jeff Barr, senior Web services evangelist at cloud provider Amazon Web Services, shot back, “I do agree that you need to worry about security, but you also have to realize that you do get effectively infrastructure that has a lot of [a security focus] already built into it.” Instead, developers need to worry about application-level security, Barr said.
Security and availability are probably the top two priorities at Amazon, Barr asserted. Amazon has security certifications such as ISO 27001 and SAS 70, he said, adding that large-scale cloud providers can make expensive, long-term investments in security that others cannot. Devine noted a cloud infrastructure provider can offer regulatory compliance and operational security. In some cases, clouds have more security than on-premises systems, he said.
Panelists also debated use of SQL and database connectivity in clouds. SQL as a design pattern for storage “is not ideal for cloud applications,” said Adrian Otto, senior technical strategist for Rackspace Cloud. Afterward, he described SQL issues as “typically the No. 1 bottleneck” to elasticity in the cloud. With elasticity, applications use more or fewer application servers based on demand. Otto recommended that developers who want elasticity should have a decentralized data model that scales horizontally. “SQL itself isn’t the problem. The problem is row-oriented data in an application,” which causes performance bottlenecks, said Otto.
Developers, Barr said, should not get attached to individual resources in a cloud: “You need to think of them as essentially transient and replaceable.” An audience member raised the issue of inconsistent I/O in the cloud. Barr, while declining to make any announcements, hinted Amazon was working on something in this vein. “We’re always trying to make everything better. How about that?”