Cloud Security: Look to the Mainframe

With all the talk about cloud computing, a number of questions have arisen about how secure the cloud really is. Personally, I'm not that concerned. If implemented properly, cloud security may actually be better for cybersecurity if but for one reason: we've been down this road before.

While some may argue with the specifics, cloud computing is a modern version of the mainframe services that businesses flocked away from a decade or two ago. Now, in a reversal, many are moving to the "cloud," i.e. moving control of their computing efforts from an internal local function to a centralized computing location.

So as companies and the government ponder security in the cloud, it would be worthwhile to look back before recreating a new security regime. Mainframes, in many ways, were inherently secure. There was centralized control and the main challenges were managing user accounts and access control. These are easy challenges, especially in an distributed network environment when a mainframe has to assess whether users are who they say they are -- identification and authentication tools are critical.

Also, using the cyber cliche, a network is only as strong as its weakest link -- if a mainframe administrator did not properly secure the doors (e.g. ports) to the mainframe, then the potential for damage and theft was significant. Sure, we have that same problem in a non-centralized networking environment, but the potential to get more data more easily and all at once increases in a centralized environment. In today's world of Anonymous hackers, this weak link is one that cannot be tolerated.

As we watch the debate on cloud security evolve over the next few years, let's hope that some of the veterans of mainframe are around to share their sage advice. Otherwise, the effectiveness of the cloud could be tested in ways we preferred it was not.