“A new wave of computing is struggling to take hold”, he announced. “It is called cloud computing. We must play an essential role in making cloud computing a secure reality”, Coviello continued, referring his RSA 2010 audience - members of the information security industry.
“[The information security industry] need to leverage technology to enable secure cloud computing. As my dad used to say ‘Everyone wants to go to heaven, but nobody wants to die to get there’. We certainly don’t want to end up in security hell”.
“[The information security industry] need to leverage technology to enable secure cloud computing. As my dad used to say ‘Everyone wants to go to heaven, but nobody wants to die to get there’. We certainly don’t want to end up in security hell”.
RSA’s Coviello stressed the need for a more elevated and expansive vision connecting to the wave of cloud computing, explaining that the power of cloud computing lies in its pay as you go model, and its flexibility. “Cloud computing”, Coviello announced, “has not come a moment too soon”.
“Cloud computing can allow more energy and investment to be directed to a real innovative and competitive advantage”, said Coviello, “but the one thing that’s holding it back is security”.
Referring to a report by CIO magazine, Coviello recalls how more than 50% of participants said that security was their main resistance with the cloud. “Ultimately though, organisations will demand faster and better returns on their IT investments”, he continued.
The main challenge, observed RSA’s Coviello, “is to ensure that security is designed and built into the cloud so that people can make broad use of cloud computing, confident that their transactions are secure”. The information security industry has the opportunity to change the way it delivers security, he said, “and we need to deliver it inside out”.
On a positive note, Coviello predicted that cloud computing will force people to take notice of all of their security needs, rather than focussing only on endpoint security. “We can secure the cloud through governance and policies – we can make data secure”, he predicts.
Putting it into practice
“How do we do this?”, Coviello asked himself. “By enforcing the same policies that we have in the physical world. In the cloud, operations and roles will converge, and virtual machine administrators will play multiple roles.
“Security needs to be built into the fabric, and we have to address the role of people. Virtualisation is the engine of the cloud that will propel us forward – into a journey that organisations will take at their own pace, realising tangible benefits with every step.”
The focus on information – who gets access to what – should be prioritised, Coviello argued. “We need to focus on compliance, insider risk, privileged user control and workflow”. He also said that gaining visibility in the cloud, being able to assess security, and prove compliance were all very important to the success of cloud computing.
In conclusion, RSA’s Coviello admitted that the journey to cloud computing is inevitable, and emphasised the need to “deliver security insider out. We can deliver new ways of efficiency and agility”. Finally, Coviello told his audience that “cloud computing will complete the transformation of IT infrastructure unleashed by the internet. We [the information security industry] must lead, not follow. We have what it takes to embrace the challenge and cease the opportunity”.