While many see security as being a barrier to cloud adoption, the Cloud Security Alliance has a very different viewpoint. The CSA sees the cloud as being the technology platform that could extend and improve security across the IT landscape.
Junaid Islam, founder and CTO of Vidder and a member of the CSA, told eWEEK that the new Software Defined Perimeter (SDP) initiative is all about using the cloud as a way to protect application infrastructure. Islam explained that the CSA is working as an “honest broker” to put together the best practices and guidance that will constitute the SDP as a new framework for IT security. The result, he added, is expected to be a standard that can be implemented by any cloud service provider without any license fees.
Bob Flores, former CTO of the CIA and currently the CEO of Applicology, is helping to lead the SDP effort for the CSA. Flores told eWEEK that his hope with the SDP is that it gets fully integrated into cloud platforms.
“The hope is that, from a security perspective, once companies get used to using a standard security framework in one cloud, when they move to another cloud the same kind of security services will be available,” Flores said.
The type of services that the SDP will aim to provide includes cloud-based authentication and security configuration capabilities. Multiple vendors today, including Cloudflare, Incapsula and Akamai, already offer cloud-based security services to customers. What the CSA is aiming to do with the SDP is expand the scope of the security controls that are available in the cloud, Islam said.
“Today the cloud security solutions are mostly point solutions, things that do DDoS [distributed denial of service] protection,” he said. “We’re not in competition with those vendors; we’re trying to build a framework that helps people to understand what’s required to build a complete security perimeter in the cloud.”
Instead of having enterprises buying a set of security boxes and services and then putting it all together on their own, the SDP aims to have all necessary security components available as a standardized service in a cloud, Islam explained.
In his experience, Flores said he has seen a lot of implementation headaches for organizations trying to build out their own sets of security controls.
“One of our goals is to take these security activities that people have been doing, codify them and then make it all available for the cloud providers to take advantage of,” he said.
In terms of specific cloud providers or cloud technologies, Flores said the CSA isn’t focused on any one group or cloud vendor.
“What we’re talking about doing is creating new standards for cloud security that anyone can take advantage of,” Flores said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.