Whenever the topic of security is mentioned in the context of cloud computing, it is usually discussed as the "big barrier" to adoption. The perceived or actual lack of security in the cloud makes it impossible for businesses to make the leap into this new computing paradigm. I propose a different perspective: Security will rescue cloud computing.
Service providers really have no option - they must do cloud even if they're not quite sure what it is. The hype has made it inevitable. So most providers are cobbling together some sort of infrastructure-as-a-service (IaaS) offering. At first, theses IaaS clouds are offered as alternatives to traditional hosting, but all providers clearly expect IaaS to replace traditional hosting in all but the rarest of use cases. Should service providers be delighted about these developments? More likely terrified, if they really look at the economics of cloud.
Cloud computing may be hard to define but its economic characteristics are pretty clear: It represents the ultimate commoditisation of computing, removing most if not all differentiation between offerings and turning all computing into homogeneous bundles of gigahertz, gigabytes and gigabits/sec. On top of commoditisation, the cloud encourages the development of mega-scale data centres and enormous concentrations of processing. Economies of scale, combined with lean and mean operations will push cloud-computing providers into a relentless race to the ... bottom. Mega-scale meets pico-profits.
You have to wonder what service providers are thinking while they publicly embrace cloud with glee and jump on the bandwagon. Many are piloting IaaS offerings based on the exact same software stack by a single virtualisation vendor. Their future is one of 10,000 identical mega-marts of computing, all offering cutthroat prices trying to squeeze out profit by running just a bit leaner than the competition. All at the mercy of any swing in electricity prices, which can wipe out their entire margin. Ironically, some of the same providers that have spent two decades trying to elevate themselves above the "dumb pipe" are now rushing to become yet another provider of "dumb chips."
So what is the role of security in all this? Security is like a liquor licence to a restaurant - an opportunity to up-sell each customer with a high-profit margin product to balance out the dismal or loss-leading margins of the core product. Security is the single most profitable differentiator that a service provider can add to IaaS to have any hope of making money. Security is brand-sensitive, labour-intensive, infinitely customisable and difficult to scale. That makes security the perfect differentiator that can add value to a bland IaaS offering. Service providers can either roll their own or resell third-party services taking a cut or even charging "portal fees" for access to their customers. To extend the liquor license metaphor, the service providers can pick the "house wine and beer" approach or the full sommelier and wine cellar service.
It's either that or the competitive wastelands of mega-scale at pico-profits. "For an extra $1 you can get double the GB for your GHZ, should I super-size it, sir?"