Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Coverage Areas:

The Evolution of Cloud Security

by Neil MacDonald  |  February 25, 2010  |  3 Comments

I’ve researched virtualization security as it has evolved over the past several years, and I’ve come to the conclusion that Cloud Security (which is quite similar conceptually to virtualization security to begin with) will follow the same evolution:

Phase I: Organizations are focused on how to use the Cloud securely. That’s pretty much where we most of us are now.

Phase II: We start moving some of our security controls to the Cloud. This gained traction in 2009 and will be big in 2010. For example, web security gateway functions – see the “Cloudification” section in my post on the Top Six Trends for 2010.

Phase III: Using the Cloud to do things better than we can with our own on-premises equipment. Not only because Cloud-based computing should be an inherently more secure computing model, but for using the Cloud in ways that we can’t readily do with on-premises equipment. I’d be interested in your examples in addition to a few from my list:

  • Building more accurate models and heuristics of malware and malicious activity based on broad visibility and having more computing power to perform the analysis
  • Massively parallel static analysis of source code and binaries
  • Security that roams with the user as they move among networks we don’t own or control.
  • Real-time ‘reputation services’ that correlate information across multiple logical entities simultaneously – e.g. IP addresses, user identities, URLs, email and file objects.

That’s just a few of the emerging applications I envision.

No doubt, getting our usage of cloud-based computing secure is foundational. But that’s just the beginning of what is possible.

3 Comments »

Category: Cloud Next-generation Security Infrastructure Virtualization Security     Tags: , ,

3 responses so far ↓

  • 1 Philam Osi   March 2, 2010 at 2:22 am

    Cloud computing is getting bigger and popular now. More and more companies are adopting it. For the security, I’m sure they already studied that long time ago. However, it could be improved more once tested..

  • 2 Jay Heiser   March 12, 2010 at 7:09 pm

    I’m not at all sure that ‘they’ studied it long ago.

  • 3 Neil MacDonald   March 13, 2010 at 12:46 pm

    Philam, I mostly disagree (to Jay’s point), but partially agree.

    Let me explain.

    The Cloud isn’t one thing, so securing the Cloud can’t be one thing either. In Gartner’s Cloud architecture, the upper layers of Cloud Services (like Software as a Service) – procuring secure Cloud services can build on what we already know about procuing and secuing SaaS – like salesforce.com. We can also build on our knowledge and experience with dealing with outsourcers and how to incorporate security and SLAs into these types of offerings.

    But the Cloud is much more than this and some layers of the Cloud we have almost no experience in dealing with security – e.g. Application Platform as a Service and Infrastructure as a Service. Here, there are many alternatives and I wouldn’t agree that this is well known or well understood nor have standards of due dilligence been established.

    Neil