If I were to tell you that 2013 was the year for cloud computing at Interop, I'd sound like a broken record. Haven't we heard this before, in 2009 and 2010 (okay, hardly anyone attended those years) and certainly the past two years?
Rest assured, I'm not going to claim that 2013 is the year of the cloud. We're past that.
This year industry trendsetters are moving beyond the will-they-or-won't-they cloud adoption tedium. Instead, they're figuring out how to make the cloud better, faster, more secure and more open.
Here are three trends the cloud experts were talking about at Interop 2013:
1. Cloud Security Is Starting to Mature – Sort Of.
One cloud trend that alarmed me this year at Interop is how dependent people still are on passwords. This isn't really a cloud issue so much as a general computing one. I'm not going to rehash how risky typical passwords are – I've been sounding this alarm for years – but apparently, for many organizations, strong authentication means some combination of letters, numbers and special characters, along with regular cycling.
That's just not good enough, especially in the face of today's targeted, persistent attacks. Combine that with the fact that sensitive corporate assets are moving to the cloud, and then add in the reams of data that can be mined about each and every one of us through simple Web searches and social media, and, well, the situation just screams out for multifactor authentication. Fortunately, the adoption of multifactor authentication is high (and often mandated by regulatory bodies) in high-risk sectors like financial and health care. The rest of the enterprise world still needs to catch up, though – especially those adopting cloud services.
Another security trend that has been percolating for a few years and is starting to show signs of maturity is the shift from a keep-the-bad-guys-out security strategy to a risk-mitigation one. We can only fight effectively on so many fronts, so this helps organizations focus on protecting their most important assets.
"At Interop this year, we're seeing more consensus about the impact that context and intelligence can have on security," Geoff Webb, NetIQ's director, Solution Strategy, said. "We're also seeing how automating the integration of this data is key. As more employees connect from their mobile devices to the plethora of cloud services available to them, the only way to implement an effective data-centric security strategy is by providing context and intelligence about those connections." In other words, if you're in a branch office, your risk posture is lower than if you're on a public WiFi connection in Starbucks.
Or to look at this from a data-risk perspective, if a mobile employee wants to access a lower value asset like a company directory, identity enforcement can be a little looser. If that employee wants to look at customer lists, your access control or identity enforcement tools should raise the bar.
However, few organizations have automated the process of securing connections between people, place, data and real-time threat intelligence. Fewer still have integrated these capabilities with cloud services.
I asked Webb about why security organizations don't embrace openness when it comes to sharing threat intelligence. I'm not naïve. Obviously, this intelligence has value, and few will want to just give it away, but shouldn't we have some sort of standardized mechanism that allows organizations to share threat information in real time, rather than acting out the parable of the blind men and the elephant?
Webb believes we're on the cusp of getting much better at threat correlation among security vendors. "I think we will soon see better threat intelligence sharing from third-party sources, some of whom may begin licensing their data to other security vendors and their customers. As security becomes more of a priority, our customers are realizing that this context is the key to taking raw data and turning it into better security policies that protect their businesses," he said.
2. Software Defined Networking Is the Hot Trend.
"Software Defined Networking" (SDN) is being hyped the way "cloud" was a few years back. Yet, there's arguably more substance and less fluff to SDN hype. Cloud definitions varied so broadly and vendors abused the term so shamelessly that it's shocking there's not more cloud backlash.
SDN isn't applied nearly as promiscuously. During Cisco SVP Rob Soderbery's keynote, he apologized for the fact that everyone is getting bombarded by SDN buzz, and then really didn’t talk much about SDN.
SDN is a geekier concept than cloud, and it builds on much of the groundwork previously laid by legitimate cloud and virtualization proponents.
SDN's value proposition is fairly straightforward: SDN makes networks configurable (and reconfigurable) in software rather than hardware, and as a result, networking can be delivered as a cloud-based service, rather than as a bunch of expensive boxes.
Or to put a different spin on it, SDN pushes networking up the stack to the vicinity of the application layer. (We may need to rethink the OSI model with all of this virtualization going on.)