I presented a session exploring this provocative point of view at Gartner’s US Fall Symposium titled “Why Cloud Computing Will be More Secure Than What You Have Today”. This Wednesday afternoon presentation was a part of Gartner’s “Maverick Track” where presentations that challenge conventional wisdom are provided for clients. If you attended Symposium and weren’t able to make the session, all of the presentations are available online as well as (for the first time) videos of every session.
Interestingly, on Thursday of that week at Symposium we had the chance to ask Steve Ballmer this question on stage during our mastermind interview session. Essentially, we asked him “Cloud Security – Oxymoron or Achievable?”. His answer – Achievable. You can see the longer version on the link enclosed. Essentially, his point was there was too much money at stake and that the market potential would spur innovative approaches to solving this problem.
Here’s two recent examples. Trend Micro has introduced a new technology called SecureCloud based on technology it had acquired from Identum. Basically, think of this as full drive encryption for the Cloud. By using an agent (kernel driver) loaded into each VM, all traffic written to and from the Cloud provider’s storage is automatically encrypted. This keeps the Cloud provider’s staff from directly seeing your data, but is transparent to your applications running at higher levels within the VM. Of course encryption alone means nothing without control of the keys. Here’s the really interesting part of their innovation – in phase I your keys are stored in Trend Micro’s data centers. In phase II, the keys can be stored in your own data center. I’ve blogged about this before — if the Cloud providers doesn’t have your keys, they don’t have your data.
Microsoft is trialing a technology called the “Windows Azure Platform Appliance” (WAPA) which allows larger enterprises and service providers to become a part of the Microsoft Azure Cloud fabric, but while maintaining compute and storage locally in an “appliance” (don’t let the name throw you, these are not toaster-sized appliances – think Winnebago! – with roughly about 1,000 CPUs in the current version). My colleague Tom Bittman and I explore WAPA in detail in this recent research note for clients along with recommendations for when it should be considered. WAPA will help enterprises to address security concerns where data needs to be held locally for security and/or regulatory concerns. Microsoft is just an early example. There will be other cloud providers that offer a local appliance option over time.
There are many more examples.
The point is that innovation is alive and well and that most of the concerns enterprises have about the security of Cloud computing will be addressed over the next decade — many of them within the next few years – just as happened with the adoption of the Internet starting in 1994.
Category: Cloud Cloud Security Virtualization Security Tags: Cloud Security, Information Security, Microsoft Security, Next-generation Security Infrastructure, symposium, Virtualization Security, Windows