Hollis Examines Trust in the Cloud

Chuck Hollis’ blog post, Harris: What It Takes To Build A Trusted Cloud, includes a line that I think is important and worth repeating: “[C]loud has the foundation to be more secure and more trusted than anything most enterprise IT organizations could do themselves.”

That’s a controversial statement in the face of the prevailing opinion that cloud computing is too inherently insecure to trust.

Let’s call BS on the fear mongers who echo that sentiment. First, cloud adoption trends show that clearer heads are prevailing. Last year Gartner said that 35% of companies had already adopted cloud in some form, and another 30% planned on doing so this year. That means that by the end of this year, assuming Gartner’s projections hold true, nearly half (35% + 30% of the remaining 65% = 48%) of companies will have moved some portion of their operations to the cloud.

Why would they do that if the cloud is such a risky place to be? Chuck’s blog examines that question in sufficient detail, but in simpler terms, cloud naysayers rely on faulty logic when uttering their lamentations. Their argument assumes that enterprises are secure environments, when the evidence clearly shows otherwise. Astute CIOs recognize that cloud adoption allows them to simplify their own IT. As my motto, O Sancta Simplicitas! suggests, I’m a big fan of simplicity. Simpler means fewer moving parts and fewer opportunities for a breakdown in security.

It also means you should choose your partners with care since you can outsource operations, but you can’t outsource liability.

Trust and Lord Stanley's Cup

We’ve been a little distracted in the New England region lately thanks to the success of the Boston Bruins. Now that I’ve resumed activity on this blog I’ve been wracking my brain trying to make a connection between the team winning the Stanley Cup and the issue of trust, but the connection wasn’t nearly as difficult as I was making it seem.

Consider the statement made by hockey great Wayne Gretzky who once explained his prolific success as a goal scorer by saying, “I skate to where the puck is going to be.”

The Great One’s advice is logical, but how do you know where the puck is going to be?

At times it may be a simple matter of calculating speed and trajectory, but most of the time the skater must have trust in a teammate to execute on a set play in such a way that the skater knows where the puck will be delivered in advance of a pass being made. Likewise, the passer needs to trust that the skater will be at the right place at the right time, giving him confidence that the pass will be completed.

Trust, after all, is a transactional relationship. Without trust it becomes difficult to invest in another party or object to achieve a desired goal. If I trust the ladder, I’ll climb the rungs in order to reach the desired height. If I trust the aircraft and its pilot, I’ll climb on board to reach the desired destination. If I lack trust in either, I won’t get very far.

The Bruins trusted in each other to be where they needed to be when they needed to be there, whether that meant skating to the appointed position, standing up for one another when play got chippy, or simply keeping a cool head when emotions threatened to take over. It took seven games, but for a team that was, by all objective accounts, over-matched in terms of pure hockey skill, that trust was rewarded with a championship trophy.

Today, with so much attention being paid to data security, information privacy, and operational integrity, trust has become a major transactional gate. It is difficult, if not impossible, to accurately measure trust, and recent events conspire to cause more companies and individuals to give some thought to whether they do or do not trust the parties with which they are considering doing business. Ignoring the critical trust component may well result in an embarrassing security event, the result of which will be a loss of trust, loss of customers, and loss of business opportunity.

We’ll explore the issue of trust in future editions of this blog.

I'm Baa-aack!

After a couple years of focusing my blogging efforts on providing content for the Ponemon Institute, I’ve decided to revive Private Communications.

For five years I worked as an independent contractor/consultant in the area of privacy and communications. And while I gave up the glamorous life of self employment this past March in order to take up a new (and decidedly less public) challenge at EMC, it doesn’t mean that I’m out of the privacy game. To the contrary, EMC’s focus on cloud computing and big data means there will be plenty of opportunities to put my wealth of knowledge and experience to use. Issues like trust, and governance, risk and compliance (GRC) are all issues that intersect where EMC is and is headed.

I will speak for myself in this forum and not for my employer. I have no role in policy here, nor do I have any authority make statements on behalf of EMC. I may be inspired by some of the things we’re doing, but don’t flatter me by thinking I have any special insight specific to EMC. I don’t.

If you decide to make any investment decisions based on anything I write here, you are a fool.