How Secure is your Public Cloud, anyway?

I've been chatting with people lately a bit about the rate of uptake and adoption of these so-called "public" clouds. While I'm a big fan of the potential here, they still aren't the right thing for all workloads. There are problems with availability, security, latency, etc. which have not all been resolved. As an example, VMware was recently hit by this bug, and black hats identified some holes in Xen security. And these are surely not the last holes. Sometime around the time I was born, IBM started working with virtualization and providing very high end availability, reliability, security and such. VMware and Xen are much younger cousins which have a lot more growing up to do before they provide the security and isolation of physical machines. Of course, the push for Cloud Computing and ubiquitous virtualization will accellerate the improvements in security and isolation in these more modern hypervisors. But I probably wouldn't be putting my corporate intellectual property on a public cloud just yet. Many other workloads may be just fine but think carefully about what goes out into the public domain, er, cloud, and what you protect with those corporate firewalls.

On the other hand, those corporate firewalls give you some protection if you want to use private clouds inside your enterprise today. Those security holes mean that your own employees might get access to more information than you might have intended, but there are other things, like employment contracts, that give you some control over those types of misuses. And, unintentional access resulting from bugs at least puts your data in the hands of people you generally consider reliable.