Security is weak in the cloud: RSA President

By Negar Salek, live at RSA on Mar 3, 2010 9:08 AM
Filed under Security

Enterprises hold back migrating to the cloud.

View larger image View larger image View larger image Vendor: Silver Tail Systems Product name: Forensics HQ: USA Founders: ex-eBay and Paypal ...

See all pictures here »

Service providers need to demonstrate their ability to effectively enforce policy, prove compliance and manage multi-tenancy environments, so enterprises can outsource infrastructure to the cloud, Art Coviello, president of RSA, said during his keynote address at the RSA Conference in San Francisco overnight.   

Coviello said the shortcomings of security in virtualised infrastructures is holding back the full capability of cloud computing, prohibiting organisations from taking full advantage of the pay-as-you-go services model.    

He said the cloud enabled organisations to move away from their ageing infrastructures and instead focus their investments on the business. But, "something is holding back the full realisation of this vision, and that in a word, is security," said Coviello.   

Organisations need the ability to dictate and federate policy to their service providers so their information can be handled and accessed appropriately.  

"And service providers should be able to tell auditors just about anything they need to know with verifiable metrics.  

"The ultimate goal is to generate a concise summary that feeds into a government risk and compliance on one dashboard that demonstrates the level of compliance," said Coviello.  

An additional challenge for service providers is securing multiple tenants in one cloud.

Service providers must defend sensitive data of multiple tenants, said Coviello, who used an example of Coke and Pepsi possibly ending up on the same cloud to demonstrate the importance of securing data in the clouds.  

"To achieve isolation requires controlling the flow of information between tenants," he said. "This can be accomplished by leveraging a hardware root of trust at the chip level that verifies virtual machines are running on the right hardware systems and this can be leveraged to pools of trust," he said.  

Yesterday at the RSA Conference, EMC released a proof-of-concept in collaboration with Intel, VMware, RSA and Archer (EMC had recently acquired the latter), then demonstrated its cloud security vision of securing the cloud from the bottom of the stack at the hardware level and up.

"The security industry needs to be more closely connected to the evolution of cloud computing in order for it to evolve, and it must ensure a secure protection that surpasses what physical environments offer today," Coviello said.

"The cloud will complete the transformation of IT infrastructures unleashed by the internet organisations, so we must play an essential role in making cloud computing a reality."

Follow us on Facebook and Twitter


Top Stories
Generation-e acquires Paradyne
Creates 1,000-client powerhouse in UC and cloud.
Crunching the numbers: how the 2015 CRN Fast50 did it
Unearthing secrets of their success.
Squeezed in cloud, Rackspace bets on 'co-opetition'
AWS and Azure deals follow dark years for Rackspace.
Sign up to receive CRN email bulletins
Was your most important vendor the same in 2015 as in 2014?

Latest Comments
CRN Magazine

Issue: 343 | October 2015

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.