cloud hype
The cloud as you say requires the same but different skill set as well. The sysadmin is not going away anytime soon. Who is going to ensure disaster recovery if not the sysadmin?
The cloud is more of a threat to SME's than jobs. SME's moving into the cloud are moving into a new ballpark and a number of sysadmins may not be up to the eccentricities of the cloud environment. The main risk is not in the sysadmins job, but in the migration of services and data into a hostile cloud environment.
Hostile environment? Yes hostile. Why?
1. Automation of infrastructure provisioning in the cloud is a very new ballgame for many sysadmins from a traditional in-house server environment . The introduction of automated deployment and recovery, introduces a number of very complex "systems" that need to be learned put into place. The cloud providers API (or like), scripts, chef, puppet, etc. This is where the complexities and interdependencies come into play in a BIG way. In the cloud, simple is not really an option. Backup on another cloud service provider with a different API set, etc, etc. The cloud fails, fullstop. Running services in the cloud means that everything has to be designed and implemented with the knowledge that at some point your cloud infrastructure WILL failure. Data replication and automated recovery deployment because complex, a lot more complex of the traditional in-house physical recovery.
2. Security. Same ballpark, but a little bit of a different ballgame.
2.1 The defense-in-depth strategy in the cloud should not change just because the cloud service provider provides traffic security groups or rulesets. This should just be seen as an addition to the security, it should not replace traditional local NET security measures, they should mirror local NET rules, so they back each other up. No possibilities for sysadmin or other operator to make single change that affects ALL (CVE-0), it has to be a two step process. Understand the environment at the VM level and the provider level.
2.2 Automation, scaling your vulnerabilities. VM images in the cloud can be a crapshoot, who built the AMI or the image you are deploying? Is it secure? What is running on it by default? On an going basis are our appliances secure and up to date. Is our master image up to date? When we have to recover srv44 in a year as it crashed is ami-xyzab45 up to date? Are we going to deploy a dated AMI and introduce vulnerabilites into our cloud environment? When we need to quickly scale, are we deploying an old image that are not up to date, was there a CVE announced on something we did not hear about?
2.3 CVE-0 threat to organisation's cloud (and other) logins, etc. Now maybe the CTO and some of the developers have elastifox or cloud control panel login details = less secure, one drive-by download or keylogger and your cloud suddenly spawns a GPU cluster and starts to bruteforce the md5 strings from some hacked DB/s. DBs that were probably sucked of some cloud server that was running phpmyadmin in on the cloud webserver, because the devs wanted access.
2.4 Configuration
The cloud introduces new complexities = more complex sysadmin work (but perhaps by less people).
This is especially true in the SME and development arena. Unfortunately, the IT staff at a small company cannot be "realistically" expected to know ALL the best practices for all the things they will implement on the clouds, but this expectation exists.
In reality, probably 95% of ALL organisations that have deployed infrastructure and services on the cloud, will not need to ever really use the BIGGEST plus of the clouds - realtime auto-scaling. A lot of hype has pushed a lot of businesses into the clouds that probably do not need to be on the cloud, calling a spade a spade. Perhaps the relatively fast migration into the clouds has increase the number of breaches over the past few years. Vulnerabilities being automatically propagated to new infrastructure, poor implementation of security rules, less tight dev VMs that have web apps that are not hardened. Dev dumps db to dev VM ... SQL injection in web app = exploit. The DB is then ironically uploaded to another part of the cloud and all the md5s or salts cracked.
Is the cloud is less secure for the "users", not the sysadmins or companies, but the users that have accounts on the sites? Not because the cloud in necessarily less secure, just more complex to secure and has "things" running on it that in the past would have only been run on the LAN.
clouds sometimes = storms