SMARTER STRATEGIES

Cloud Security Preludes Major IT Deployments

R. Colin Johnson | Date: 02-28-11 | Comments

While IT in every enterprise has at least considered cloud computing, making the move to deploying a major application will require cloud-based security that rivals dedicated servers.

Today most enterprises are making only limited use of cloud computing capabilities, delaying major switchovers until the measure of security enjoyed by dedicated in-house servers can be duplicated by virtualized servers, storage and applications in the clouds.

According to Gartner, over 60 percent of U.S. enterprises will be evaluating cloud-computing services over the next 18 months. Yet major deployments by IT to cloud computing facilities will be metered out in proportion to how secure clouds can be made in comparison to existing in-house servers.

"More comprehensive security capabilities is a prerequisite for getting organizations to adopt cloud-based services for more complex, business-sensitive, and demanding purposes," said Forrester Research in its latest report: Security and the Cloud.

A few requirements are obvious, such as data encryption (since storage space will be shared with other enterprises in the clouds). However, the "rules of the road" are far from obvious when considering how to develop the level of trust IT now enjoys for in-house servers that cannot be easily replicated in the clouds.

Cloud computing can distribute the secure-authentication, encryption and communications tasks that IT once centralized by in-house data centers.

"Encryption is enjoying a resurgence because it's one of the fundamental ways of exerting ownership of your data�you can dictate the terms by which people access that information," said Dean Ocampo, Solutions Strategy director at SafeNet, which claims that over 80 percent of worldwide inter-bank financial transactions use its encryption algorithms.

"Security personnel are used to having a process for cash management, a process for personnel management and a process for auditing, but you can't control your processes in the clouds. You can't inspect the server logs. You can't control the firewall. All of those things are missing when you move to a cloud, making it extremely difficult for security professionals to control the whole food chain of information. Encryption is a way of reasserting that control."

Encryption is one essential component, but major cloud providers like Amazon are working with SafeNet to offer an integrated security solution that recovers most if not all of the control lost by moving to the clouds. Recently, Amazon's Elastic Compute Cloud (EC2) and Virtual Private Cloud (VPC) introduced the integration of SafeNet encryption for virtual storage and virtual servers. SafeNet's solution is also certified for both VMware and Xen hypervisors.

"When using cloud services, IT doesn't own the switch fabric, it doesn't employ the personnel that manage the switch fabric, it doesn't own the servers, but the framework is the same�the trust just needs to be built into the enterprise's cloud computing fabric," said Ocampo.

What SafeNet calls its "Trusted Cloud Fabric" supports traditional data centers, private clouds, public clouds and hybrid cloud infrastructures.