I remember when Microsoft first introduced PPTP virtual private network technology and sparked a debate about whether or not the Internet could be securely used for remote access. Nowadays, we take VPNs for granted. If you think about it, with VPNs we’ve given up control of the pipe (the Internet), but it doesn’t mean we have to give up control of the data in the pipe.
The same will be true of cloud-based computing services if we do it right. We can give up control of the pipes, the servers, the data centers, the applications and so on – as long as we keep control of the data.
Isn’t that what information security is ultimately all about?
If we control the outcome (e.g. service level agreements, security protection, etc) then do we really need to control how the outcome is achieved?
Just like I am looking back 15 years later after the advent of VPNs, I believe in 15 years we’ll look back and wonder what all the fuss was about with using Cloud-based computing resources.