Cloud Security – HP’s CEO finds cloud computing – vague, unsecure, what? - Archie Reed’s Secure Observations Blog

HP's CEO, Mark Hurd, took the stage today as a keynote speaker at Gartner's Symposium.

Out of the gate we see the headlines such as "HP's Hurd dings cloud computing, IBM" (CNET) and "HP's Hurd: Cloud Computing Has its Limits" (Seeking Alpha).

Leaving aside the grammatical issues with the article's title, and IBM for that matter, let's consider what Mark had to say and what HP thinks are the real issues and real solutions for cloud computing.

Firstly, what about HP's own potential use of cloud computing, as quoted by CNET:

"The cloud is real for many consumer services," he said. So why isn't it suitable for HP's core financial records stored in the general ledger? "Security, for one thing. We get about 1,000 hacks a day. They're more sophisticated every month," Hurd said. "Security and reliability is a huge thing. It's unlikely we'd put anything outside the firewall that's material in nature that we couldn't 100 percent secure."

Those in the audience gave me the following insights.

  • Mark was asked about disruptive technologies and brought cloud computing up as the first example.
  • Customers that he talks with find the term "cloud computing" too vague... There is a critical need to break it down into clear services and simplify service offerings.
  • "Behind the firewall clouds can do great things"
  • In front of the firewall, "HP is experiencing 1000 hacks/day"
  • Mark is NOT in favor of email or financials in the cloud (CNET article quotes this verbatim)
  • There is a need for 100% secure clouds
  • "HP will play in 100 percent secure clouds."
  • Security and Reliability are key...
  • Critically, Mark talked a lot about security. In fact, he spoke more about security in this cloud context than ever before.

Broadly, security remains the #1 concern or barrier to using cloud computing (definitions aside). IDC recently released their "Cloud Computing 2010: An IDC Update" report, which showed that, year over year, security not only remains the #1 concern but in fact grew from 74.6% in 2008 to 87.5% in 2009. What is interesting here is that while security remains the #1 concern for cloud computing, it still does not feature in ANY of the common cloud definitions...

Regardless, HP offers its own views on how to manage the enterprise approach to cloud computing, which heavily emphasise security and risk management in general as key components of its strategic use. In fact, this week we published a very high-level article on how "Faith-based IT doesn't work in the cloud".

Firstly, when you utilize the cloud, it's critical that you know where your data is, how it's protected, and who can access it. Unfortunately, many cloud service providers don't share these details. Even worse, many make no promises about protecting your data. Here are the key points to consider for a secure approach to cloud computing:

  • Classify: When considering a cloud service, first classify your data to determine its suitability for the cloud. Doing a cost-benefit analysis is an important part of this process. Are the savings of putting data in the cloud worth the risks of breaches in security or privacy regulations?
  • Assess: Find a service provider that does security assessments to determine whether your application or data is ready for the cloud. The best service providers will determine which compliance regulations you're subject to and help you meet them.
  • Start with non-sensitive data: Don't begin your foray into the cloud with applications that expose your customers' credit card numbers and bank account information. Start with the less risky applications until you can securely manage the model and your provider's services.
  • Critically evaluate service provider agreements: Find out exactly how your service provider plans to secure your data and keep it private in the cloud. If your data is critical to the business, demand satisfactory assurances from your provider. These include appropriate terms of service (TOS), acceptable use policies (AUP) and service level agreements (SLAs).
  • Encryption: Don't leave encryption to your cloud service provider. Make sure you have key lifecycle management in place. Also, using your data classification effort as guidance, encrypt your data as appropriate and necessary.
  • Insist on transparency: Demand the ability to know what's happening in the physical infrastructure that underlies the virtual infrastructure.

This is a very short article on the issues and how to approach cloud computing in a simpler and more secure manner. Look for much more from us on the HP Secure Advantage for secure cloud solutions alongside our overall HP Cloud Computing Solutions strategy breakdown, including "HP's Cloud Assure service enables security and performance in the cloud" and "HP's Cloud Consulting Services".


Posted 10-20-2009 11:01 PM by ArchieReed