listen to this article:
Cloud computing has arguably been the biggest tech innovation of the past two decades. Clouds have enabled disparate teams to collaborate on projects; have enabled both consumers and businesses alike to pare down their hardware; and have characterized an evolving culture of work-from-anywhere.
It’s been over fifteen years since Google CEO Eric Schmidt introduced the term “cloud computing” at an industry conference, and it would seem like cloud computing is a given – whether that’s incorporating public or private clouds with on-premise data centers, or with cloud-native computing.
However, several challenges with current cloud computing setup could mean that the cloud revolution is not quite done or truly “cloud-ready” yet. So when I was tasked by my team to research the evolution of cloud (infographic here) – it was both rewarding and enlightening to understand the documented history of the cloud.
In this blog, we’ll discuss how different aspects of collaborative work drove the invention of cloud computing; how virtualization enabled that vision; and our predictions for what the future looks like for cloud key management.
Evolution Driver 1: Resource Management
The very basis of cloud computing came about in the 1950s, with the introduction of the concept of time sharing, or multiple companies sharing terminals and monitors at a time when computers were exorbitantly expensive to keep, store, and maintain. In the 1970s, virtual machines expanded this concept by allowing developers to run several different distinct operating systems on the same physical node.
The current conception of cloud computing centers around the “as-a-service” model – beginning with the cloud’s “server-as-a-service” model wherein millions of people purchase storage and applications from one central server.
While the concept technically launched in the mid-1990s, cloud computing became mainstream beginning with in the mid-2000s, with the emergence of the “big 3”: Google Cloud Platform, Microsoft Azure, and Amazon Web Services (AWS). While this modern conception of resource sharing was made with business in mind, cloud computing also began catering more and more to developers, begin with AWS Lambda’s introduction of serverless computing in 2014. (For more details about Lambda and serverless computing in the 2010s, see the full Evolution of Cloud infographic.)
Evolution Driver 2: Collaboration
Cloud computing may have been a convenient way for companies and end-users alike to pool their resources – but where it really innovated the tech world is when it introduced more and more opportunities for collaboration.
The idea of using time sharing not only as a resource management tool, but as a virtual network, emerged in the 1960s with the vision behind ARPANET, the US Advanced Research Projects Agency (ARPA)’s network between 4 computers hosted at various scientific institutions within the agency. In the 1980s, the PC boom sparked the drive for enterprises to be able to connect their growing number of computers and mainframes in-house, and to share data between them.
Cloud computing really took off as a collaborative tool with the ubiquity of the Internet, however – and the growing use of internet-based tools and applications in daily life. The mid-2000s just predated the smartphone and wearable era of consumer technology; it is no accident that enterprise-wide information sharing became mainstreamed around the same time. As computers became able to be pocketed, the need to be able to access business-critical data from that pocket became paramount.
While 2010 has been named, at times, “the decade of cloud” – 2020 saw the rapid rise in cloud services once the COVID-19 pandemic drove billions of professionals around the world to permanently work from their homes. With over 80% of company leaders now looking to make at least part-time remote work a permanent fixture of office culture, being able to quickly access information, applications, and services from anywhere – and to keep it all secure – is arguably the most critical security issue facing the post-COVID business.
The Future of Cloud
At Unbound, we believe the future of cloud involves addressing two critical challenges enterprises face: employing consistent key management policies across an organization, and compliance with complex data privacy laws.
Consistent Cloud Key Management
Most organizations divide their keys between multiple clouds, both private and public. The issue, however, is that clouds are rarely interoperable; not only are the cloud key management (and often the encryption) systems vastly different between, say, Microsoft Azure and AWS – but keys stored on one cannot communicate with keys stored on the other. For enterprises using one Cloud Service Provider (CSP) to manage one part of a data service and a different CSP for another, this is a nightmare.
Interoperability issues aside, the differences between clouds also present issues with applying the same security policies consistently across different key managers. From a security standpoint, this provides more and more opportunities for weak points in an organization’s data infrastructure.
To learn more on managing cryptographic keys in the cloud, download our eBook.
Compliance with GDPR, CLOUD Act, and CCPA
The 2020s are proving to be the decade for compliance – and what compliance means for your data can vary wildly from country to country.
The two primary conflicting compliance codes are the European Union (EU)’s General Data Protection Regulation (GDPR) and the US Clarifying Lawful Overseas Use of Data (CLOUD) Act. While the full implications of each are complicated, the simplified version is as follows:
- EU citizens are entitled to data privacy via GDPR, including the right to be forgotten, or for any personal data to be deleted upon request. The California Consumer Privacy Act (CCPA), issued in 2020, has similar regulations.
- Conversely, enterprises holding data in any US-based data center are privy to government access to data – no matter where those enterprises are based.
The result is that enterprises with clients in the EU and any data center based in the US – including the use of any CSP based in the US, which is essentially the big 3 – can be subject to fines and other penalties from both the US and the EU for non-compliance. (For more information about how to mitigate non-compliance with this conflict, read our GDPR and Cloud Act guide.)
The Solution: Collaboration and Resource Management on the Cryptographic Level
For enterprises to become truly cloud-agnostic, they need to be able to take the spirit of collaboration and shared resources involved in the birth of cloud computing and implement them to the very core: the cryptographic level of critical data infrastructure.
Unbound Security has explored this idea, and how it can be implemented through a universal API for all cryptographic applications and by gaining full control over the encryption keys for cloud-based secrets management.
For more information on how to manage cloud keys efficiently over multiple cloud environments, watch our latest @theCOREofIT Cloud Conversation.