Security is weak in the cloud: RSA President

By Negar Salek, live at RSA on Mar 3, 2010 9:08 AM
Filed under Security

Enterprises hold back migrating to the cloud.

View larger image View larger image View larger image Vendor: Silver Tail Systems Product name: Forensics HQ: USA Founders: ex-eBay and Paypal ...

See all pictures here »

Service providers need to demonstrate their ability to effectively enforce policy, prove compliance and manage multi-tenancy environments, so enterprises can outsource infrastructure to the cloud, Art Coviello, president of RSA, said during his keynote address at the RSA Conference in San Francisco overnight.   

Coviello said the shortcomings of security in virtualised infrastructures is holding back the full capability of cloud computing, prohibiting organisations from taking full advantage of the pay-as-you-go services model.    

He said the cloud enabled organisations to move away from their ageing infrastructures and instead focus their investments on the business. But, "something is holding back the full realisation of this vision, and that in a word, is security," said Coviello.   

Organisations need the ability to dictate and federate policy to their service providers so their information can be handled and accessed appropriately.  

"And service providers should be able to tell auditors just about anything they need to know with verifiable metrics.  

"The ultimate goal is to generate a concise summary that feeds into a government risk and compliance on one dashboard that demonstrates the level of compliance," said Coviello.  

An additional challenge for service providers is securing multiple tenants in one cloud.

Service providers must defend sensitive data of multiple tenants, said Coviello, who used an example of Coke and Pepsi possibly ending up on the same cloud to demonstrate the importance of securing data in the clouds.  

"To achieve isolation requires controlling the flow of information between tenants," he said. "This can be accomplished by leveraging a hardware root of trust at the chip level that verifies virtual machines are running on the right hardware systems and this can be leveraged to pools of trust," he said.  

Yesterday at the RSA Conference, EMC released a proof-of-concept in collaboration with Intel, VMware, RSA and Archer (EMC had recently acquired the latter), then demonstrated its cloud security vision of securing the cloud from the bottom of the stack at the hardware level and up.

"The security industry needs to be more closely connected to the evolution of cloud computing in order for it to evolve, and it must ensure a secure protection that surpasses what physical environments offer today," Coviello said.

"The cloud will complete the transformation of IT infrastructures unleashed by the internet organisations, so we must play an essential role in making cloud computing a reality."

 
Follow us on Facebook and Twitter
 
 
 
 
 
 
Top Stories
Planet Tel buys Via IP in Aussie integration push
Telco provider talks up integration credentials.
 
Microsoft rides slight PC recovery
Uptick in PC sales after two years of decline.
 
NEC Australia to sell HQ, hints at possible job cuts
Another multimillion-dollar loss for local arm of Japanese giant.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Which mobile device couldn't you live without?


Latest Comments
CRN Magazine

Issue: 328 | June 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.