I’ll Say It Again: Security Is NOT the Biggest Barrier To Cloud…
Nope.
Security is not the biggest barrier to companies moving to applications, information and services delivered using cloud computing.
What is?
Compliance.
See Cloud: Security Doesn’t Matter (Or, In Cloud, Nobody Can Hear You Scream) and You Can’t Secure The Cloud…
That means what one gives up in terms of direct operational control, one must gain back in terms of visibility and transparency (sort of like www.cloudaudit.org).
Discuss.
/Hoff
Hear, hear!
You make a good point given that "security" is too generic of a term these days. Company X may only be processing public information in the cloud and therefore they have no compliance barrier–on the other hand company Y may be looking to process credit card information and therefore the DSS imposed by the PCI may be a barrier to public cloud computing… although Amazon just recently announced PCI DSS 2.0 Validated Service Provider Status: http://aws.typepad.com/aws/2010/12/aws-achieves-p…
Hello Hoff. While fully respecting your opinion, I partly disagree.
You certainly make a good point about both operational control difficulty and compliance with upcoming documents such as PCI 2.0 or other standards… but we should remember that after all everything is regulated by a contract and an SLA.
Hence IMHO it should be rather easy for the wannabe cloudified company to clearly define roles and responsibilities concerning audit and the level of control the company wants to achieve.
And I strongly believe that the richness of offerings we'll soon see and good old competition will make it happen.
Another point is security. While agreeing with Matt Chiodi that security is way too generic, I recently wrote a few articles on the blog of the company I work for (hence this is a sort of implicit disclaimer 😉 about how you should read the contents of the articles) where I talk about security of access.
I believe security of access to the cloud is really one of the biggest "brakes" cloud computing is facing now… and it is quite a well-defined branch of security.
Naturally this is a perspective I've identified from a wannabe cloudified company… therefore feel free to comment and express other opinions…
References to the articles, from oldest to newest:
http://stoneblog.stonesoft.com/2009/12/text-my-ac…
http://stoneblog.stonesoft.com/2010/02/enabling-c…
http://stoneblog.stonesoft.com/2010/04/if-we-rest…
http://stoneblog.stonesoft.com/2010/10/how-to-str…
Thanks for your attention.