November 19, 2012
Security is often identified as one of the barriers to wider cloud adoption. Even though it is often counter to reality, there is significant doubt in many organizations’ minds about the relative security of cloud as opposed to their traditional on-premise cloud. As I said, this is often an irrational fear, and one which is as much caused by marketplace FUD as it is by real concerns and constraints.
A new startup out of Australia is looking to attack those perceptions head-on. Sentinus is a consulting company that specializes in short engagements helping to plan and review the security around cloud projects. It’s a high-growth area – the success of new-age consulting companies like Appirio shows that despite cloud being a key driver to self-service and end-user adoption – there is still a significant opportunity to add value in helping with the process.
Anyway – as part of their launch, Sentinus developed the Sentinus Toolkit, a document which helps organizations with standards assessment, best practice guidelines and vendor selection when moving to the cloud. The toolkit is designed to help an organization find a cloud vendor they can trust. It uses best practice in cloud security, service quality and architecture to expose hidden weaknesses.
Sentinus actually has a number of downloads which help organizations assess and review their readiness and their vendor’s suitability for purpose. One of these is the Sentinus 80-point safety check that goes through a bunch of different measures (features, service, policy architecture, etc.) to help customers get a rough assessment of a prospective supplier.
The rationale for what they’re doing (beyond, of course, gaining a bit of attention) is simple. Says Damian Bramanis, the Sentinus Director of Advisory Services:
“We’re seeing a wealth of choices in cloud services, it’s like visiting a supermarket. The difference is, at the supermarket we’re protected with standards for food quality and labeling, but in the cloud it’s far too easy to end up with a rotten egg.”
I have to say that much of what Sentinus is trying to do would be well delivered by an independent code of practice. As an aside, I was heavily involved in creating what was the first of this kind of national code of practice when a group of people, backed by a local industry watchdog and with buy-in from a number of vendors, created the New Zealand Cloud Computing Code of Practice.
I like the guides that Sentinus has developed, and having their content will only help to educate the market at large. I would say, however, that these sorts of things are sometimes best delivered in a vendor-neutral way, and it would be great to see the Australian industry develop or adopt a broad CoP for themselves.