The benefits can include huge cost savings, but the downsides can be considerable. Says Williams: "The hype must surely have reached a peak by now. It seems a lot of people are confusing the cloud concept with the internet itself."
A recent IDC survey found that 74 per cent of IT executives and CIOs cited security as the top challenge preventing their adoption of the cloud services model.
However, Ollmann also believes that this response is down to a lack of clarity: "There is a lot of media attention about 'cloud security', in particular, confidentiality and trust.
But much of this distrust can probably be attributed to confusion over what's happening. You'll often hear people discuss the spectre of not knowing where their data is within the cloud, and how it's not under their physical control.
Meanwhile, they've outsourced critical customer and code development practices to the lowest bidder for the past half-decade."
Jacobs adds: "Moving to the cloud is a general trend in corporate IT. Lots of people advise doing all your anti-virus detection in the cloud, for example.
However, adopting this stance wholesale can lead to weaker, generic security policies and can also lead to difficulties getting updates out. The real question that should be asked here is: 'Does moving process X to the cloud provide effective security?' "
Some of the benefits of cloud services in general include lower resource demands on the endpoints themselves and a simpler, centralised update system. In spite of this, Jacobs believes the model needs optimising:
"Spam and web malware product updates are increasingly getting too big to push out to multiple devices, and this needs an elegant solution. The web security question is an interesting case. Appliances work well in a corporate environment, but are ineffective for roaming users.
"The only way road warriors can use this type of protection is to route all traffic through HQ, which is prohibitively slow, as traffic has to come down onto the endpoint, then back into the cloud. The current model doesn't make much sense."
Williams is confident a cloud model holds many of the answers, but that the central question is about control and visibility rather than security minutiae.
"The loss of visibility is a huge problem and one that needs to be addressed for the market to mature. The key is that an individual business can't change any settings. The best-case scenario is a good SLA, but this only provides a process rather than a hands-on recourse in the event of a problem."
The possibility of desktop virtualisation as the ultimate cloud-based service is an exciting one. Instead of worrying about the endpoint per se, the company should provide a browser-based secure desktop, goes the argument.
Theoretically, this would ensure that any device, from internal Macs through to internet café PCs and iPhones, would be policy-controlled and secure. So is the return of the thin client assured for good?
Jacobs believes this is the way forward, but just not yet: "Virtualisation of the desktop will enable secure access through a wide range of devices and will allow cost reduction as well as retaining control of the infrastructure.
"Additionally, the cost of managing desktops would be mitigated; there shouldn't be such a need to spend so much on managing Microsoft. However, it's a very expensive process to begin, and I don't see it coming of age for three to five years."
In spite of his enthusiasm for the technology involved, Williams also believes that the barriers to entry are high: "Organisations need to tread carefully here and move non-critical applications into the cloud first.
"Once trust has been established and reputations made, then the concept of virtualisation will sit better - you don't want to be the first business to make a mistake here. Also, in some cases, the cost of implementing virtual desktops is up to ten times the cost of managing physical environments and there is almost zero improvement in security or operational efficiency.
"Desktop virtualisation is not the magic bullet you are looking for."
Securing the endpoint will be one of the most critical issues for security professionals over the next few years. The spectrum of technology involved is huge, and genuinely securing the business-critical mobile devices of today calls for far more than a simple AV licence or some encryption software.
How long it will be before the virtualisation movement takes off is uncertain, but it seems a potential solution to a complex series of issues - watch this space.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
