Service providers really have no option — they must do cloud even if they’re not quite sure what it is. The hype has made it inevitable. So most providers are cobbling together some sort of infrastructure-as-a-service (IaaS) offering. At first, theses IaaS clouds are offered as alternatives to traditional hosting, but all providers clearly expect IaaS to replace traditional hosting in all but the rarest of use cases. Should service providers be delighted about these developments? More likely terrified, if they really look at the economics of cloud.
Cloud computing may be hard to define but its economic characteristics are pretty clear: It represents the ultimate commoditization of computing, removing most if not all differentiation between offerings and turning all computing into homogeneous bundles of gigahertz, gigabytes and gigabits/sec. On top of commoditization, the cloud encourages the development of mega-scale data centers and enormous concentrations of processing. Economies of scale, combined with lean and mean operations will push cloud-computing providers into a relentless race to the … bottom.
So what is the role of security in all this? Security is like a liquor license to a restaurant — an opportunity to up-sell each customer with a high-profit margin product to balance out the dismal or loss-leading margins of the core product. Security is the single most profitable differentiator that a service provider can add to IaaS to have any hope of making money. Security is brand-sensitive, labor-intensive, infinitely customizable and difficult to scale.