Some of you may remember Marathon Man, starring Lawrence Olivier as the evil Nazi dentist Dr. Christian Szell, and Dustin Hoffman as a graduate student nicknamed Babe. Szell has come to New York from his South American jungle hideaway to retrieve a cache of diamonds, but he’s not sure he won’t be walking into a trap. He thinks Babe knows, and tortures him by repeatedly asking, “Is it safe?

Szell: “Is it safe? Is it safe?”
Babe: “You’re talking to me?”
Szell: “Is it safe?”
Babe: “Is what safe?”
Szell: “Is it safe?”
Babe: “I don’t know what you mean. I can’t tell you something’s safe or not unless I know specifically what you’re talking about.”

It’s a scary scene.

I’m reminded of it whenever people ask or say: “Is the cloud secure?” or “Public clouds aren’t secure” or “Multitenant applications aren’t secure.”

So, is your cloud safe? Is it secure? 

Like Babe, I can’t tell you unless I know specifically what you’re talking about. Just like the term cloud computing, we need a more sophisticated understanding of what the word “safe” or “secure” really means.


Security is a Complex Topic

A cloud service is secure if and only if it meets specific requirements in five key areas:

  • Hardening
  • Identity and access management
  • Auditing
  • Testing
  • Compliance

So how should I describe those requirements, or how should a provider of a cloud services describe the level of security?

I’d like to suggest moving to thinking of security as “security-as-a-feature”. With this in mind, the engineering team for a cloud service provider would plan to add security just like any other functional feature. Likewise, the consumer of a cloud service would see security features as part of a list of constraints, objectives and requirements.

In fact, Google search has for years been treating performance “as-a-feature”.  Consider Google search from ten years ago. Is the function any different? If so, what are all those engineers in the Google search group working on?  Just look at the top of the search results and you’ll see how many seconds it took for your search to run. Over the past ten years, you can believe they’ve been working on making that performance feature run faster and faster.


So What is an Example of a Security Feature?   

To start, let’s focus on one of the five major areas of security: hardening.

Hardening means I have all good software and no bad software in my service.  If I’m providing a compute & storage cloud service, then this includes all of the software managing and delivering the compute & storage service, as well as all of the software in the datacenter including power management and building access.

Recognizing this, let’s focus on just one aspect: making sure you have all good software.  Every vendor releases security patches on a regular and (sometimes) emergency basis.  In a particular compute & storage cloud service, this could easily translate to be 100s of patches per quarter.

What if you were a cloud service provider and said:

“Within 92 minutes +/- 5 minutes of the release of all security patches, we test with 1124 tests and place the patch into production within 22 hours +/- 10 minutes.”

Now that would be “security-as-a-feature”. Of course that’s just one of many features of a next generation secure cloud service.

So maybe one day, as a consumer of cloud services, you’ll be able to shop for the security features you need – and as a producer of cloud services you’ll be able to devote engineering resources to building even better security features.

And of course, a parallel argument applies to other operational areas, such as performance, availability, change management and customer service.


For More Information

For a deeper discussion on this topic, consider:

  • Watch out for my next and final blog in this series, coming out Monday April 6.



Timothy Chou

Lecturer at Stanford University