There is no question cloud/utility computing has arrived and is here to stay. But, something is afoot that deserves special attention. On May 6, the Federal Communications Commission (FCC) of the United States announced a plan to reclassify broadband Internet transmission service as a telecommunications service to be regulated as other ‘common carriers’ in the United States.
Whether or not one believes such regulation is appropriate or not, this development is very significant because it will bring Internet transmission closer to a public utility like telecommunications and electricity. Although the current move excludes any regulation of the ‘computing functionality’ and content provided by the Internet services, it is only a matter of time before we get there. A ‘common carrier’ in the United States (roughly equivalent to a public carrier in continental Europe) is a person or company that transports goods or people for any person or company and that is responsible for any possible loss of the goods during transport. Early common carriers were railroads, airlines, bus lines, etc. Telecommunications companies and wireless providers came under this category in the twentieth century and now, broadband Internet. Given the history, it would not be a stretch to say that virtualization-based compute services such as those from Terremark, Amazon and several others are likely to become regulated public utilities in the next 10 years. This is good for the consumer. Coupled with free and fair access to broadband Internet, it will bring affordable and widespread access to computing to the general public.
What does this mean from a security perspective? Any public utility is part of the nervous system of a nation. The importance of securing such computing services should be comparable to the importance of securing our water supplies and electrical grids. Governance of these services will also come under scrutiny. Establishing robust risk management, problem resolution and privacy protection will be minimum requirements. The upshot for service providers building an infrastructure-as-a-service business is to go beyond basic security controls and ensure that they invest in a framework, tools and skills for managing Governance, Risk and Compliance (GRC) right from the beginning. Service providers that act now to build their infrastructure and services with this in mind will have an unquestionable competitive edge when cloud computing gains foothold. Those who develop this core competency will be able to break out of the pack in a commodity market.