Coviello’s keynote, titled “Trust in the Cloud: Proof not Promises”, began with a humorous recap of past RSA Conference topics that received much hype, but fell far short from delivering on their promises.
Now in its twentieth year, the RSA Conference has seen its fair share of glorified technologies. Some of the most noteworthy, recalled Coviello, included smart cards and public key infrastructure (PKI), which he added, “failed to reach ubiquity”. He then insinuated that the recent buzz surrounding cloud computing would not follow a similar fate when surveying today’s rapidly changing IT environment.
“We now recognize the limitations of perimeter defenses, and the need for information-centric security having become conventional wisdom.” Coviello noted that to be information-centric, security controls must be more intelligent, flexible and dynamic. “To be cost-effective”, he stated, ”security infrastructures must be grounded in a thorough understanding of risk, balancing the elimination of threats with materiality and probability.”
He added that new threats can be addressed by developing a “cooperative ecosystem” industry-wide. “Despite day-to-day competition”, Coviello continued, “vendors must integrate technologies, industries must share best practices and threat intelligence, and governments must cooperate with one another and with the private sector.”
The goal of security, said the RSA chairman, is to get the right information to the right people, over a trusted infrastructure. In this vein, Coviello asserted that by leveraging virtualization technology to its fullest capacity, proof of safety in the cloud can be achieved through increased control and visibility – what he called “the key elements of trust in cloud environments”.
Contrary to widespread fear surrounding the cloud, if implemented properly, virtualization can be the “silver lining” in the cloud, said Coviello. “Virtualization can be the pathway to surpassing the level of control and visibility that exists in today’s physical infrastructures”.
He subsequently outlined three areas where the cloud and virtualization can improve security: it can make security logically information-centric; security becomes built in and automated; and security becomes risk-based and adaptive.
Coviello predicted that in the near future, trusted clouds will provide predictive analytics that will allow for proactive security defense via the analysis of anomalous events and monitoring typical user behavior and transaction patterns.
Regardless of fear and uncertainty surrounding cloud security, Coviello has observed organizations still moving to the cloud for the obvious capital expenditure savings.
Cloud providers can’t just provide a promise of security. There must be proof, including visibility and control, concluded Coviello. RSA has introduced its RSA Cloud Trust Authority that integrates VMware and RSA technology, along with technology from Intel and Cisco, Citix, and other vendors.
He ended by imploring the industry to build up a larger infrastructure of providers to enable an effective ecosystem of trust in the cloud.
“Trust in the cloud is achievable” Coviello asserted, “not just in some distant future, but today”. And the industry as a whole, he believes, is well on its way to accomplishing this.