From the RSA Conference, EMC VP Art Coviello discusses the security implications of cloud computing.
When it comes to enterprise computing environments, the skies are getting
increasingly cloudy-and dealing with that will mean covering up with flexible,
This was the message of Art Coviello, executive chairman of EMC's
RSA security division, during his keynote at the RSA
Conference today, in San Francisco. Last year, he told the audience, his
speech was about the promise of the cloud-the assertion that it's possible
to achieve security and do it better. This year, his keynote was "about the
"At this point, the IT industry believes in the potential
of virtualization and cloud computing," he said. "IT
organizations are transforming their infrastructures. . . . But in any of these
transformations, the goal is always the same for security-getting the right
information to the right people over a trusted infrastructure in a system that
can be governed and managed."
To meet the demands of the cloud, virtualization security must accomplish three
fundamental goals: be both logical and information-centric, become built into
applications and infrastructure, and be risk-based and adaptive.
"In virtualized environments, static physical perimeters give way to dynamic
logical boundaries defined by information and transactions themselves,"
Coviello explained. "Logical boundaries form the new perimeters for trust, and
virtual machines adapt security to their particular payload, carrying their
policies and privileges with them as they travel across the cloud."
Since information, virtual machines, and virtual networks can relocate in a
blink of an eye, security measures in the cloud must be just as dynamic, he
"Achieving this means building security into virtualized components and, by
extension, distributing security throughout the cloud," he said.
"Also, automation will be absolutely essential in enabling security and
compliance to work at the speed and scale of the cloud. Policies, regulations,
and best practices will be codified into security management systems and
enforced automatically, reducing the need for intervention by IT staff-a
problem that's getting away from us today."
On Monday, RSA announced the Cloud Trust Authority, a set of cloud-based
services designed to facilitate secure and compliant relationships among
organizations and cloud service providers. Within its inaugural set of
capabilities is an Identity Service powered by VMware's forthcoming Project
Horizon. EMC also announced the new EMC Cloud Advisory Service with Cloud Optimizer.
Enterprises are facing tremendous change across information, identities,
and infrastructure that is, in turn, creating challenges in control
and visibility, Coviello said. Virtualization and the cloud have the
power to change the evolution of security dramatically in the years to come, he
"Virtualization is the cloud's silver lining because [it] fuels the
cloud's ability to surpass the level of control and visibility that physical IT
delivers," he said.