As cloud computing continues to thrive and as more and more enterprises penetrate the cloud, security becomes a further pressing issue. This will be one of the subjects to be impressed on the RSA Conference 2012. A special group was assigned to look into data integrity and cloud data security in the cloud. Another organization, the Cloud Security Alliance (CSA) is to have its third annual summit, which is also expected to tackle the emerging cloud security standards.
Bret Hartman, CTO and EMC Fellow of RSA said, “If you go back a year or two, there were still a lot of questions about what the cloud is and the distinction between cloud models. We’re definitely way beyond that. Now it’s a question of how do we move towards this hybrid world where we’re getting comfortable with outsourcing certain services – then the security issues become much more significant.”
The conference expects that one of the hottest topics will be authentication issues. This is as cloud computing provides the platform for easy access from different devices more particularly mobile gadgets, pressing demand for better security will increase.
Hartman said, “It’s the first big area that companies have to address if they think about the cloud because they have to secure enterprise access across multiple services. You can’t really think of one without the other.”
CSA, on the other hand, plans to initiate mobile cloud security and the legal issues that accompany it, such as the European Union Data Protection Regulation and the US Patriot Act. Part of its initiatives will be to seek mobile device guidelines for the employee-owned device that has unlimited access to business data center, and to provide clarity on security regulations for both cloud customers and providers.
Jim Reavis , CSA Executive Director said, “How do you manage these smart devices that are potentially employee-owned and working on business information outside of the corporate perimeter, accessing a public cloud? It’s a model we haven’t really addressed with the [CSA] framework. If we’re not addressing that portal into the cloud, we’re going to be missing the boat.”
“We want to take the marketing hype out of these complex legal issues. We want greater transparency so we can help advice policy makers and consumers on how to move forward,” Reavis added.
The plans to expand to the Asia Pacific region is also included in the CSA initiatives. All in all CSA and the RSA Conference groups see the public and private cloud thriving, therefore, requiring security reliability.
Vice president of product and solution marketing for HP enterprise security products, Michael Callahan said, “Security remains the top inhibitor to people adopting more cloud technologies and hybrid environments. What you’re starting to see is the vendors have put more research into, and have developed more solutions to ensure you have this level of security as you move your infrastructure into the cloud.”
As hybrid clouds become more popular there will be an expected demand for more secure platforms that can provide reliable user authentication with a high level of rules and protocols. With the public and private cloud constantly interacting, the previous precautionary change of passwords is no longer enough due to the sophisticated hacker practices these days.
CloudPassage, a startup in San Francisco had seen this coming three years ago, so Carson Sweet founded it in January 31, 2009 and became CEO. Halo Netsec works with CloudPassage on its efficient firewall, intrusion-detection and two-tier authentication features. It is built to secure both the physical network and the virtual server. CloudPassage also has a computing grid that contains a 3MB security daemon that monitors system intrusions. Another level of security it has is the new USB key that assigns a new password every time the user logs on.
CloudPassage is, “first and only server and compliance service that specifically provides multiple-level security for elastic cloud servers,” Sweet said.
As cloud computing evolves the requirement for newer types of security system also emerge. Security systems that work 100% for on-site data center may not be even useful for the cloud environment.
Sweet said, “When people look at adding security to a cloud system, they generally think they’re buying a slice of something. So now we’re doing full-blown dynamic firewall management, multi-cloud. We’re going to cross-cloud (systems) now, so we can have servers in EC2 (Amazon’s Elastic Compute Cloud), in Rackspace and in Terremark with one policy over all of them. The most interesting aspect of all of this continues to be that it all just works in the cloud.”
The continuing popularity of cloud computing carries with it the demand for more reliable and efficient security systems, which Forrester Research predicts will increase to a $1.5 billion (£950 million) market by 2015. They refer to cloud security as the “security solution ecosystem” in the future. This trend will also actively shift enterprise budgets from infrastructure to cloud security projects. Budgets will be poured into identity and access management; data, operation and application security; and cloud governance.
Jonathan Penn, a Forrester analyst said, “I’d still say that there’s a lot more activity on SaaS (software as a service) enabling security solutions—security in the cloud—than solutions that secure cloud.”
“Concerns about cloud security have grown in the past few years. In 2009, the fear was abstract: a general concern, as there is with all new technologies when they’re introduced. Today, however, concerns are both more specific and more weighty. We see organizations placing a lot more scrutiny on cloud providers as to their controls and security processes, and they are more likely to defer adoption because of security inadequacies than to go ahead despite them,” Penn added.
Quotes were taken out of the article “Cloud computing security issues on tap at RSA Conference 2012” by Marcia Savage from TechTarget.