/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow UsLet us start with security, which has been the point of debate whenever cloud conversations happen. Much has been talked about but still less has been understood.
Security becomes more consumable
If you pay any attention whatsoever to IT industry analyst reports, you know that security concerns about "the cloud" consistently top the list of adoption concerns. This is partly because the "security" moniker often serves as a sort of shorthand for a variety of compliance, audit, regulatory, legal and governance issues that are often only indirectly related. It's also because, as an industry, we're dealing often with new approaches to computing and delivering application services that don't have clear historical antecedents and established approaches to mitigating associated risk. As a result, dealing with security and associated concerns in the cloud sometimes seem to require true experts in the field, who are almost by definition in fairly short supply.
On the other hand, there are organizations like the Cloud Security Alliance (CSA), whose mission is to promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure additional forms of computing. While the CSA's work benefits everyone, its most important role may be "democratizing" the process of securing and running clouds so that organizations operating and using clouds don't need security rocket scientists on staff. Expect to see tools for more easily and systematically securing clouds gain more attention in 2013.
But data security
This remain a vexing issue, and increasingly leading to high-profile, issues. At one level, protecting against data breaches in the datacenter is a fairly straightforward security problem without many new wrinkles relative to the practices that IT professionals have been following for decades. However, in many respects, we are in a place that's different in kind from times past.
Some of this difference is about connectedness and scale. While security models have been shifting from walled perimeters to defense-in-depth since the early days of the web and e-commerce, cloud-based applications made up of composable services from multiple sources vastly increase potential attack surfaces. It's a vastly more complicated security problem than setting the ports correctly on a firewall.
Perhaps even more problematic, though, is even determining how specific data and data relationships need to be treated and which laws apply.
We expect the overall data security and privacy situation to get worse before it gets better. After all, some of the issues date back to before the Internet went mainstream. The issues have just become more visible and more complicated. We've already seen big fines imposed for even relatively minor medical records breaches. Expect to read about more fines in the coming year but only incremental movement ahead on the macro issues around appropriate uses of data.
BYOD: Â Acceptance
BYOD is one of the trends that some like to cite as a key cloud security issue given that it takes control away from IT and puts it in the hands of users. Look around any organization that's not part of the government or in a highly regulated industry and, chances are, most of the smartphones you see aren't company-issued and provisioned. And the tablets that you probably spy as well are far more commonly purchased by employees for some combination of personal and work use-to the degree that we can even still draw a sharp line between such spheres of activity in general. Bring-your-own-PC is a more complicated issue, for a variety of reasons, but PCs are being "consumerized" as well.
In most cases, BYOD is going to require IT departments to do some combination of rolling out new products, educating users and adopting new processes. At the very least, they need to understand potential exposures and come up with a plan for dealing with them. And that means acceptance is the only reasonable path forward.
Hybrid shows up in ever more conversations
IT consumerization is also one component of another cloud computing trend-hybrid cloud computing. Hybrid commonly refers to cloud management that spans both on-premise and multi-tenant public clouds-although clouds can be heterogeneous in other ways as well.
The consumerization angle is that early public cloud usage was often characterized by users gaining access to computing resources with a credit card because their IT department wasn't moving quickly enough. Such usage can also be outside the scope of any IT governance practices. That can be good for flexibility and speed but it can have a stark downside if there's a data breach or if an application developed using a public cloud can't be easily put into production on-premise.
The idea behind a hybrid cloud is that resources can be made available to users as easily as if they were accessing a public cloud while keeping the process under centralized policy-based IT management. Organizations are also increasingly looking to hybrid cloud architectures as a way to have a more dynamic computing architecture over time. There are only a modest number of hybrid computing architectures in production today, but the movement towards hybrid is clear. That's why industry analysts such as Gartner are recommending that organizations "design private cloud deployments with interoperability and future hybrid in mind."1 Expect to hear even more about hybrid clouds in the coming year.
Openness demonstrates the power of community innovation
Openness is one of the most important enablers of hybrid IT because it helps users avoid lock-in to vendors and specific ecosystems. And not just open source but openness across multiple dimensions including APIs, standards and the requirement that permission to use intellectual property, like copyrights and patents, must be granted in ways that make the technology open and accessible to the user. Openness is also about having
vibrant, upstream communities that are at the heart of the innovation that the open source development model makes possible. We believe that 2013 is going to see all that developer involvement lead to commercial product in the same way that the open source development model has led to innovative products in operating systems, middleware and countless other areas.