I’ve often been a proponent of thinking of Cloud based computing as a security layer between you and the bad guys. It seems the US Department of Defense agrees with me. http://techinsider.nextgov.com/2011/03/cyber_command_shifting_to_the_cloud.php
Now, by far the most common area of attack where bad guys get information or do damage to systems other than lost/stolen equipment is by hacking through publically accessible entry points to seemingly secure networks. Why can they do this? Because the public web sites and systems that they can reach over the Internet, are connected through firewalls, or reverse proxies to your actual network and databases.
We need to keep the bad guys from touching the networks and servers that are attached to our network. Cloud computing enables that. With Cloud computing, the UI and public interface is on the cloud providers network. Depending on how you architect your systems, there is either no connection back to your systems (if you use a pull model), or there is only one point to point authenticated connection if you use something like the Windows Azure Hybrid model. In either case, criminal hackers don’t’ actually touch servers in your data center.
So even if they were to compromise a virtual machine hosted by the cloud provider through some security hole in your deployed application, they can’t get anywhere from there.
The typical deployment today (where things are not already hosted by external third parties) is like this:
Users (potential bad guys) access machines hosted on-premises. If one of those machines is compromised, the rest of the machines in the data center, and potentially the entire network are at risk. Ideally, we want all of this stuff off our network so that the bad guys can’t touch our infrastructure. Like this:
This is ideally how most cloud based deployments will be done. You get the best advantage of teh cloud providers serivces (where the proper services are available) and you get the unwashed masses off your equipment. Not to mention, you don’t need to maintain or pay for the depreciation of the equipment in the first place.
Ah, but I hear you scream, “NO, we can’t let our data get our of our data center. We especially can’t let it be hosted outside the country!”. Fair enough. What will likely happen is a combination of these two scenarios:
This keeps the data within the cosy halls of the trusted data center, allows the recognition of some of the economies of scale by moving the UI and Business layer into Cloud based services, and has the huge security benefit of keeping the touch points off of your infrastructure.
in Windows Azure, you enable this through the use of the Azure Connect. You can even do secure database sync over Connect to enable the rapid publishing of data to the Cloud. The possibilities are limitless.