Trust in the cloud is achievable says Art Coviello, executive vice-president of EMC and newly named executive chairman...
of RSA, the security division of EMC.
"We are well on the way to achieving this," he told the opening session of the RSA Conference 2011 taking place this week in San Francisco.
It was clear from the current trends that virtualisation and cloud computing will shape the evolution of security dramatically and positively in the years to come, said Art Coviello.
Looking back at recent RSA conferences, he said the idea of information-centric security - that was once new and forward-looking - had now become entrenched in conventional wisdom.
Virtualisation can meet the security challenges of data proliferation
So too had the need for a co-operative ecosystem within the security industry, between governments and with the private sector, as the only way to counteract a sophisticated and organised cyber criminal economy.
Other significant challenges, said Coviello, included the tidal wave of information being created, the proliferation of online identities, the loss of visibility and control as network boundaries disappear, the emergence of persistent non-signature based threats and internal threats and the ever-increasing compliance requirements.
"Virtualisation and cloud may appear to complicate matters even further, with confusion and fear around these issues holding many companies back from moving to cloud computing," he said.
It may seem counterintuitive - as it once seemed counterintuitive to reach the east by sailing west - but virtualisation is the key to making information more secure, said Coviello.
"Virtualisation technology is the silver lining in the cloud. If used properly, virtualisation provides a way of surpassing the levels of visibility and control we have today," he said.
First, virtualisation enables machines to adapt security to payloads that carry policies with them. Second, security can be built into the virtual infrastructure, automated and distributed throughout the cloud with best practices built into management systems. Third, security can become risk-based, adapting to workloads, environments and threats dynamically in a way that is not possible in the world of static infrastructure.
"We are now at an inflection point of this promise of improved security in a virtualised environment being applied with heightened levels of visibility and control," said Coviello.
In an attempt to help organisations make the inevitable move to cloud because of need for lower costs, greater efficiency, improved resiliency, business agility and dynamic security, RSA has announced a set of cloud-based services.
The RSA Cloud Trust Authority (CTA) services are to be available in beta in the second half of 2011 to help businesses adopt cloud computing for mission-critical applications and sensitive information.
Coviello emphasised the need for industry collaboration, pointing to the initial partnership with VMWare on the CTA, with others on initiatives aimed at establishing trust in the cloud between business and service providers.