The software industry is entering another age of astonishing innovation. It's a time when not only software is advancing at an astounding rate, but so are hardware devices – where power is increasing as quickly as size is decreasing, and is making software and computing power near ubiquitous.Consider this: A handful of years ago, few would have believed that customer relationship management software would have moved almost completely to the cloud or that Lotus Notes, that gray old lady of IT, would have made the jump as well. Even among the proponents of cloud computing, few believed corporate software and data wanted to be liberated so quickly – and make itself readily available anywhere, anytime, on any device, and from within any web browser. Today, it seems more unusual not to have a software as a service (SaaS) or cloud offering that replaces a vendor's software applications.
No doubt, along with all of the benefits of SaaS will come new risks and challenges. This is especially true as even more mobile devices access critical corporate data. Consider the fact that one out of 10 laptops in use today will be lost or stolen, and you know most will not be encrypted. Then, there's the challenge associated with securing new cloud computing architectures, and all of their various shapes and sizes. I'm sure that in the years ahead, there will be a number of negative stories surrounding cloud computing. Providers will go out of business. There will be a number of system outages that affect large numbers of customers. And there will be a number of data breaches.Yet, I believe that the SaaS and cloud computing revolution holds the potential to benefit everyone in the software industry and all who rely on it for their business. For instance, we in the industry are well aware that software is evolving too quickly to keep up. It's a never-ending process of software enhancements, upgrades, security fixes and new installations. And, few would disagree that there are too many vulnerabilities affecting too many applications. In this disorder, most of the burden has fallen on the shoulders of corporations that have had to dedicate extraordinary resources to patch and mitigate the security holes.
Business has no choice but the path that simplifies many of today's IT complexities. And in this, the primary and strategic role of IT security will be successfully and securely managing the privacy and security risks associated with data living in the cloud.While the SaaS and cloud computing revolution is well underway, there still is much work to be achieved before the core infrastructure and associated services are as secure, reliable and trustworthy as they can be. For instance, we need ISPs to coordinate so that network traffic flows more cleanly and is free of malicious packets. We'll also need a simple, globally accepted way to recognize and manage the identities of people and devices.
There also is the crucial business of defining accurately how enterprises can integrate and secure their current infrastructure as more of it is moved to cloud services. For this effort, I encourage all businesses, security professionals, CIOs and vendors to work together to make the transformation as beneficial as possible for all.
While the visible shift to cloud computing to date has been the movement of applications and data to the cloud, it's not going to stop there. Soon, the day will come when companies outsource not only their software, but their network infrastructure, as well. One day, most everything we do on private networks — manage information, applications, infrastructure, and services — will be accessible instantly and securely from anywhere and from any web browser. It's time to prepare.