But the move to hybrid cloud deployment comes with new challenges and risks. The biggest challenge for cloud deployments today is in the area of data security and identity. Several cloud providers offer IaaS, PaaS, SaaS, network as a service, and “everything as a service,” and probably offer good firewalls to protect data within the boundaries of their data centers. The challenges include data at rest, data in flight to and from mobile devices accessing the cloud provider, and data derived from multiple cloud providers that must be presented as a single view to the mobile customer.
BYOD is Driving New Cloud Adoption
Ubiquitous mobile computing is driving the new cloud adoption model faster than anticipated, and a key driver is BYOD (bring your own device). The traditional IT shop had control of its assets, whether on premises or in the cloud. However, the demands of BYOD and the myriad mobile devices, applications, and mobile stores have resulted in the IT organization losing control of users’ identity, as one user can have more than one profile. The use of biometric information such as fingerprint and eye scans is still in its infancy for mobile users. There are some standardization efforts in cloud identity management, such as OpenID Connect, OAuth, and SIEM, but adoption is slow, and it will take time for them to work seamlessly across many cloud providers.
Trust the ‘Cloud’ Providers
The key security issue for cloud and mobility deployment is the establishment of “trust” and “trust boundaries.” There are several players in cloud and mobile deployments offering different services, and they need to work seamlessly end-to-end. Trustworthiness is enabled by the ability to automatically sign off or hand off to another cloud/mobile service provider in the “trust boundary” and still maintain data integrity at each hand-off. The automatic sign-off would need to verify the validity of the cloud provider, protect the identity of the users, and guarantee that content has not been tampered with. The intermediate trust verification provider would itself be a cloud provider, similar to the services that verify e-commerce internet sites. The trust verification provider must support the SLAs for security, identity, and trust between mobile and cloud service providers. The key requirement is to ensure integrity and trust between mobile and cloud providers, inter-cloud, and intra-cloud providers.
The mobile end user will have a trust boundary with a mobile/telecom service provider (cellular) or a managed service provider (Wi-Fi). The trust will be recorded, and some portion of the identity will be passed on to one or more cloud providers offering different services. Each trust boundary will involve a negotiation between mobile and cloud providers, or between cloud providers, to establish the identity, security, and integrity of the data as well as of the mobile user.
The future of cloud is in the convergence of simple standards for security, identity, and trust, and it involves all participants in the cloud: mobile device vendors; service providers; cloud IaaS, PaaS, and SaaS vendors; and the network. The pay-as-you-go model would factor in a price for a minimum guaranteed SLA level, with additional pricing based on additional levels of security, including security locks at the CPU boundary.
Cloud/Big Data Frameworks
In addition to cloud security, identity verification, and trust regarding data integrity, the technology of cloud/big data frameworks will see rapid change and adoption in the next few years. One such adoption is the standardization of a query language for NoSQL data stores, similar to SQL for relational database management systems. The query language will lead to query nodes that accept incoming queries and in turn issue distributed queries across the cluster of nodes, handling all issues dealing with data, including the security, speed, and reliability of the transaction.