How are the current crises affecting the cloud and its security? An interview with Soeren von Varchmin, Chairman of the Advisory Board CloudFest.
Times of crisis make flexible, location-independent working, as enabled by cloud computing, even more important. This is clearly confirmed by the increasing number of cloud users during the pandemic. But the cloud must also be able to deal with the challenges in crisis situations, the cloud must demonstrate resilience, it needs resilience.
The creators of the Cloud Industry Conference CloudFest explain: Everyone working in the cloud must learn how to maximize uptime, avoid data loss, and not sacrifice speed for the sake of security. But how does this work in concrete terms? What should companies know about this? Questions for Soeren von Varchmin, Chairman of the Advisory Board CloudFest.
Resilience, and therefore the ability to withstand, is a key topic for companies and in EU legislation. Highly appropriate to this is the main theme of CloudFest 2023, “The Resilient Cloud”. What does it mean, then, that a cloud must have the necessary resilience?
Soeren von Varchmin: We have gone from one crisis to the next. Starting with Covid, a war on our doorstep and now higher inflation. Even in our cloud industry, which is growing so fast, we see stagnation in large parts. This chain of events has led to very diverse problems in the industry, and every company needs to be very strong, very flexible and resilient in some form right now. That applies to cloud operators as well.
Let’s take all the problems in the supply chain: Many of the components needed, such as the cloud servers, are sometimes not available for months or even years. This is of course accompanied by price increases, which the cloud and managed service providers also have to pass on to users in some form. We still have difficult years ahead of us.
So resilience includes a number of things that are reflected in the CloudFest agenda. A central point here is cloud security. So who are the so-called “Protectors of the Internet” mentioned in the CloudFest agenda?
Cloud security happens at multiple levels, from hardware to application level. Let’s take the area of website security. This is an exciting topic, especially in the area of WordPress, because every second website worldwide now runs on WordPress. However, due to its structure, vulnerabilities occur repeatedly with WordPress, and attacks occur. It is therefore not surprising: cybersecurity companies are the second largest group among CloudFest partners. Cloud and managed service providers (xSPs) need more and more solutions for security, both internally and as products to resell to their customers. CloudFest therefore brings together relevant vendors and xSPs.
New developments such as quantum computing can serve as a protection factor, but they can also pose a risk. How should cloud providers as well as cloud users react to this?
This is a very exciting topic. I think our industry is in observation mode, with the exception of a few like OVH, who are already in experimentation mode with their new QaaS (quantum computing as a service) product. Some larger hosters are experimenting with HPCaaS, meaning high performance computing as a service. Quantum computing and HPC will become a bigger theme at CloudFest 2024. Going forward, I think we have a five- to seven-year timeline for this topic until it becomes interesting on a broader basis at xSPs.
Cloud security undoubtedly involves some effort. How should security managers defend their budgets?
We have planned hands-on sessions / deep dives on this very topic at CloudFest 2023. It’s all about cybersecurity from the xSP’s perspective: what does cloud security cost, how do I get this profitable? How do I pick the right partners? What are the advantages and disadvantages of working with multiple vendors? Another session that fits the question is: The Cybersecurity – Spiral. Is this entire spiral a war of escalations or was it made that way? Let’s see what we find out in March 2023.
When CloudFest takes place in March 2023, there might be the Privacy Shield successor, as a legal basis for data transfers to the US. Will cloud security then become less important, or is it more of a prerequisite for data protection in the cloud.
The discussions about a Privacy Shield successor are still relatively early. We are not yet sure whether the topic will already be “presentable” enough in March 2023 to be able to give visitors something concrete to take away with them. In any case, it is one of the most exciting topics for the cloud industry for the next three years. And to put it bluntly: cloud security is definitely the technical prerequisite for data protection.