Friday, 27 May 2011 09:58

Cloud insecurity a myth, says Citrix executive Featured


Public clouds are more secure and reliable than private data centres in the same way that commercial aircraft are safer than cars, according to a Citrix executive.

When an airliner crashes, everybody on board goes down. Yet you are 28 times more likely to die in a car than a plane, at least in part because of the attention that's been given to making planes safe and reliable.

That's the argument put forward by Simon Crosby, chief technology officer at Citrix. An airliner has millions of parts, and so does a large data centre. A few providers can put them together reliably, but "you can't," he told his audience at the Citrix Synergy conference in San Francisco.


Crosby pointed to attacks by Anonymous on organisations such as Amazon Web Services (AWS), PayPal, Mastercard and Visa in retaliation for their treatment of WikiLeaks. AWS "didn't blink" he said, but the other companies running their own data centres suffered outages. "An attack on your data centre will take your outfit down," warned Crosby.

That doesn't mean a big, properly configured public cloud won't fail. Crosby pointed out that Gmail, AWS and Microsoft Online Services have all had outages recently.

The trick, he suggested, was in learning how to use public clouds so that you can keep running in the event of an outage. When AWS went down recently, Netflix kept running despite being 100% AWS based.

But you can't do that with legacy applications, Crosby warned, but you can with next-generation applications, so organisations need to find people with the skills (such as Ruby on Rails) to build them.


A related issue concerns isolation. The development of OpenVSwitch - a high-performance, secure virtual switch - provides isolation, resource control, visibility and security in a multi-tenant facility, he said.

In any case, Crosby told iTWire that the idea that the cloud was insecure was a myth. "It is [put about by] IT people worried about their jobs," he said.

IT departments have never managed to protect or control their organisations, he said, so they should leave that to someone that's good at the job and does it full time. "[There are] so many more layers of protection" in a public cloud, and the operators have more resources to fall back on.

Crosby also implied that cloud or data centre security is not the weak point. Attempts to illicitly extract data from them are rare. What's more common is an employee taking data (think WikiLeaks again), or attacks at the client level (eg, RSA was compromised via a Flash exploit, not by trying to obtain information directly from a server; and the well-publicised attack on Google was via an Internet Explorer 6 vulnerability, not on its cloud infrastructure).

"Unless you protect the client, you can do nothing for the cloud," he said, but "You can't just do cloud [security] and not the client" or vice versa - both are necessary. "Securing execution in the cloud? I don't think it's a big deal [to do]," and a cloud vendor will probably do a better job of running applications securely than a typical company can.

Disclosure: the writer travelled to San Francisco as the guest of Citrix.


Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News