Cloud/mobile applications are appealing because they offer the opportunity for widespread use. Every app developer and app store manager is hoping for the next “Angry Birds.” That is the beauty of cloud/mobile applications and cloud computing – you can be instantly successful. To succeed in this market environment, you must expose your application and yourself repeatedly.
While the allure of instantaneous success is strong, my conviction is slightly contrary to that business model. Long-term success in cloud services and computing will be supported by those applications and services that sustain value over time – as they are the ones that people are willing to pay for. The mass appeal and continuing value will make services successful and profitable. Regardless of whether it is commercial or enterprise services, users can be fickle with free; however, they will stick with something that they value and pay for.
While there is still a need to try many things at the front end of an introduction, paying attention to users' desires is the more important aspect. One of those desires is secured comfort – namely of their data.
The security of the data (individual or business) is key to the success of cloud services. For people or businesses to feel comfortable with the services, there must be assurances that access control, authentication and availability are protected from attacks, corruption, or disclosure, and that the data is held confidentially and with integrity so that it is non-repudiated. In addition, it is important that everything remain private. These assurances need to be at the application layer (where the data is most used). There also needs to be the same level of assurance that the transport service and the infrastructure are secure. If these areas are addressed so that the users are comfortable, then cloud services will be successful. Without that comfort, people/businesses will always look at the services as a secondary or backup capability to something else…something much less efficient and cost-effective.
If success comes from limiting your exposure, then how do you accomplish this daunting task? There are many areas to consider and many capabilities you can put in place to secure your service. The available range runs from nothing to the ultimately draconian. The ideal arrangement is to undertake an orderly analysis of each area and determine the business need/risk, what is needed, and how to accomplish the security task.
At my former company, our Services Engineers and the ITU developed a framework for security – X.805. This framework is a bit older; however, I find it very useful for determining your threats/risks to data security and then providing a “roadmap” to implementing solutions. It is worth taking the diagram and thinking about your own services implementation…you might be surprised at how exposed you might be.