Product Group Tests
Cloud and virtualisation
Full Group Summary
The future looks mighty interesting. There are several trends in virtual and cloud security that are beginning to emerge that are worth mentioning. Probably the most interesting is the acknowledgment that not all virtual data centres are all virtual. Some are hybrids and need to be managed just like software devices.
The second trend is that it now is quite practical to secure VMs in the cloud just as one would in one's own software data centre. This is important because security in just about all public cloud implementations is the responsibility of the customer.
Another trend is the use of sophisticated analytics. Judy Traub, our intrepid project manager, did a bit of looking at products that do behaviour analytics and came up with a batch that fit the description.
Also, we are beginning to see cloud services that are secure versions of remote storage providers, such as DropBox. The problem in the past is that if you wanted to add significant security features to one of these, you were forced to give up some functionality. Now, we are beginning to see providers that offer both the functionality and the security.
Moving to the cloud
So what does this portend? First, this is a major step toward the maturing of the software data centre. Being able to secure a virtual environment in a public cloud is a big deal. If we, as users, have to take the responsibility for security, we need the tools to do that. In a public cloud, there are real limitations on what we can and cannot do. The evolving trend in that regard has been to provide increasingly granular tools that depend less and less on anything controlled by the cloud provider.
Second, it removes one of the last barriers to moving to the cloud: lack of trust. When asked why they have not moved to the cloud, a number of businesses quote security as their main concern. If we think of a software data centre simply as a private cloud, we find the same issues.
You may have control over the hypervisor - you don't in a public cloud, of course - but you still have a shared environment. It's just that now you know who the players are.
I always get a kick out of the idea that the "cloud" is some advanced, mysterious technology, such that now that we have it, life in the IT shop will be magically transformed, security pros can leave the dirty work to someone else, and costs will miraculously trend all the way down to nothing. It reminds me of a New Yorker cartoon that shows two men standing in the middle of what, presumably, was a data centre. The caption: "Well, that does it, Charlie. We've outsourced everything."
The fact is that the cloud is nothing more than a software data centre, managed by someone other than the users within which users can buy computing services. If that sounds to you a lot like the time-share systems of the 1990s and before, you'd be very close to reality. The trouble now - and the trouble then - is that it is not so much the technology being used that is worrisome, it's the business construct. Because that, really, is all a public cloud is: a virtual data centre and a particular business construct.
In a rapidly emerging market, if you're not innovating you're in danger, and if you are not moving forward you are taking the risk of becoming obsolete. So, when you start looking for security products to protect your virtual assets - whether they are in the cloud or in your own software data centre - look at what these products can do.
- Peter Stephenson, technology editor