Can a commoditised cloud be truly secure?

A drawing of a cloud holding numerous apps with an open padlock hanging from it
(Image credit: Shutterstock)

Call it the commoditised cloud if you like: I prefer to call the current cloud price wars a worrying trend for those of us in the business of caring about security. But only in the short term, in the long run the discounted cloud will lead to a brave new world of data security. Probably...

Someone recently said that "the value proposition presented by migrating data and services to the cloud is pretty clear cut for most enterprises, and there can be little doubt that it's this economic driver that has been at the forefront of the cloudy revolution" and that someone was me.

So you might think it's a bit rich for me to now be moaning about some of the biggest players in the cloud services provision business cutting costs even further and making the cloud value proposition even harder to ignore. Certainly I would agree that when Google slashes prices by as much as 85 per cent.

Much of the impetus for cutting prices can be traced back to hardware costs for these giants of the cloud infrastructure business; costs which have tumbled by 50 per cent over the last year as I understand it.

Some of it can be seen as a welcome move towards the simplification of cloud service pricing structures, which would certainly be of benefit to the end user if others follow Google down this predicted road.

The biggest force in driving costs downwards, though, is quite simply an attempt to grab bigger market share. Google can, quite plainly, easily afford to push the price of cloud computing down because it has a cash cow in the form of its web search and advertising business. It wasn't the first to hit the cloud space running, but the history of the technology business is full of pioneers who are suddenly eclipsed by new players with deep pockets.

Amazon knows that, which is why it quickly jumped in with price cuts across many services such as S3 storage, EC2 cloud and RDS cloud database platforms which help keep them at least competitive with the Google cost-cutting cloud machine. Microsoft took a little longer for the knee to jerk, but compute on Microsoft Azure prices are dropping by as much as 35 per cent and 65 per cent on storage in order to match the new Amazon pricing structure. Oh, and Microsoft also announced a new 'Basic' service level for Azure which can save customers another potential 25 per cent if load balancing and auto-scaling are not important to them.

This is where I jump into the fray with my security hat on and ask what else will be sacrificed at the altar of the discounted cloud? If you accept the premise that this latest round of cost-cutting is a firm indicator that the cloud is becoming commoditised then should that start ringing alarm bells as far as security innovation is concerned?

Let's face it, a general rule of thumb is that the rate of innovation increases during the race towards commoditisation and then slowly grinds to a halt once it has been reached. Price cutting and cutting edge developments are not the best of bedfellows for obvious reasons. Which is why I imagine that security will be moved to the back burner, or more accurately security development will be slowed down.

Or will it?

Well here's the bit where I question myself, and come up with some answers that ease some of my concerns. The likes of your Amazons, Googles and Microsofts will no doubt insist that they take your security very seriously and price cutting will have no impact upon this. I don't doubt that they will believe that as well, and the security measures they have in place will continue to protect your data and be updated as necessary to ensure this. However, what I'm more concerned with is whether the big boys will disrupt in development, whether they will bring in the new and surprising turns of security innovation that do things in a better way.

This might not be a bad thing, as more often than not the truly disruptive development doesn't come from the established players in any industry sector but rather the start-ups, the new boys with new ideas and no concept of business or corporate cultural restrictions to hold them back from marching forwards with seemingly daft ideas. They have a tunnel vision that is focussed on the innovation and are not hamstrung by the need to cut costs and grow market share because they have no market share.

It's the disrupters and innovators who are working on developing services for Cloud 2.0 rather than the giants who are carving out the rewards from Cloud 1.0 that will, in my opinion, secure both your data and the future of the cloud for some time to come.

But the best bit of all? I just don't know how this will happen .. I can’t wait.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.