RSA Chief Coviello: Cloud, Virtualization Will Dramatically Change Security

From the RSA Conference, EMC VP Art Coviello discusses the security implications of cloud computing.

When it comes to enterprise computing environments, the skies are getting increasingly cloudy-and dealing with that will mean covering up with flexible, dynamic security.

This was the message of Art Coviello, executive chairman of EMC's RSA security division, during his keynote at the RSA Conference today, in San Francisco. Last year, he told the audience, his speech was about the promise of the cloud-the assertion that it's possible to achieve security and do it better. This year, his keynote was "about the proof."

"At this point, the IT industry believes in the potential of virtualization and cloud computing," he said. "IT organizations are transforming their infrastructures. . . . But in any of these transformations, the goal is always the same for security-getting the right information to the right people over a trusted infrastructure in a system that can be governed and managed."

To meet the demands of the cloud, virtualization security must accomplish three fundamental goals: be both logical and information-centric, become built into applications and infrastructure, and be risk-based and adaptive.

"In virtualized environments, static physical perimeters give way to dynamic logical boundaries defined by information and transactions themselves," Coviello explained. "Logical boundaries form the new perimeters for trust, and virtual machines adapt security to their particular payload, carrying their policies and privileges with them as they travel across the cloud."

Since information, virtual machines, and virtual networks can relocate in a blink of an eye, security measures in the cloud must be just as dynamic, he added.

"Achieving this means building security into virtualized components and, by extension, distributing security throughout the cloud," he said. "Also, automation will be absolutely essential in enabling security and compliance to work at the speed and scale of the cloud. Policies, regulations, and best practices will be codified into security management systems and enforced automatically, reducing the need for intervention by IT staff-a problem that's getting away from us today."

On Monday, RSA announced the Cloud Trust Authority, a set of cloud-based services designed to facilitate secure and compliant relationships among organizations and cloud service providers. Within its inaugural set of capabilities is an Identity Service powered by VMware's forthcoming Project Horizon. EMC also announced the new EMC Cloud Advisory Service with Cloud Optimizer.

Enterprises are facing tremendous change across information, identities, and infrastructure that is, in turn, creating challenges in control and visibility, Coviello said. Virtualization and the cloud have the power to change the evolution of security dramatically in the years to come, he added.

"Virtualization is the cloud's silver lining because [it] fuels the cloud's ability to surpass the level of control and visibility that physical IT delivers," he said.