Seeding Security into the Cloud

 
 
By Cameron Sturdevant  |  Posted 2010-03-10 Email Print this article Print
 
 
 
 
 
 
 

The RSA conference seeks to use lessons from single-tenant data centers to build security into cloud computing infrastructures.

The RSA conference, held in San Francisco during the week of March 1, sought to catch the cloud computing wave, while the expo show floor was packed to the gills with vendors wheeling and dealing-primarily in products that relate to the well-known problems of today.

Art Coviello, executive vice president of EMC and president of RSA, made this point in his opening keynote address: "We have a rare opportunity for a 'do-over'-to be present at the creation and rollout of this new wave [cloud] of computing with security built in from the get-go." I actually hope Coviello is right. The lessons learned from single-tenant data centers were ugly, hard-fought and damaging. It would be great if the price paid for perimeter security, IT governance and some spectacular data breaches-along with the high costs consumers bear in identity recovery-resulted in something that was more suited for business and less prone to aiding and abetting criminal enterprises. Every year I attend the RSA Conference, I'm impressed with the diversity of vendors, the breadth of industry knowledge and the cleverness of the conference themes. At the same time, I'm always reminded of the intensely competitive relationship of many of the vendors, both large and small.

This year was no different, and as an outside observer, I can say that despite the calls for cooperation and "let's all make this more secure," IT managers must be just as vigilant this year as last when it comes to evaluating vendor claims. With that said, I was struck by the role that EMC, the owner of both RSA and VMware, is playing in creating-let me call it a "vendor open" environment in which to incubate secure cloud development. Both Microsoft and Symantec, fierce competitors in various arenas with EMC companies, were part of the opening day keynote extravaganza. It is just possible that the right blend of technical smarts that I saw at the RSA conference sessions and business opportunity may coincide with the greater-good do-over Coviello spoke about.

Physical to Virtual, but Still Physical

At the RSA conference, I was struck by the increasing number of sessions and products aimed at fully integrating physical and virtual infrastructure. My chief concern with the cloud computing marketing messages is that IT managers are told they can put applications into a hosted infrastructure and then sit back as the productivity payoff washes over them. Virtual systems, no matter how insulated from the customer, still run on physical systems.

The IT industry has learned a great deal about managing and monitoring physical systems, and this is a great do-over opportunity for cloud computing. I can't imagine a greater service to users than leveraging what we've learned about defense in-depth and applying it to multi-tenant physical data centers that host cloud services.

But the recognition that clouds run on physical infrastructure left me wondering: What will happen as the cloud ages? This is one question that I didn't see addressed at the conference. I know what the pat answer is from cloud application providers: "Don't worry your pretty little head about that! We just continually upgrade and secure all the physical equipment so that you only have to worry about paying your monthly utility bill." But I think the reality will be a bit more complicated. Given the historic opportunity for a security (and, quite frankly, a monitoring and management) do-over, I hope that the RSA conference participants are able to look up from their quarterly financial performance reports to consider the ramifications of what I'll call the "cloud life cycle."


 
 
 
 
Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel