Emerging products: Cloud security (2013)
The majority of security challenges associated with cloud computing are beginning to be addressed.
The cloud is enabled by virtual systems, so why would cloud security be any different from virtual system security? Really, it is a matter of perception. If you are the cloud provider, your focus is on your virtual infrastructure, says Peter Stephenson.
We are now seeing the virtual environment from the customer perspective. While we certainly care about the ins and outs of the virtual systems our provider uses to create its cloud, we are primarily focused on our data. After all, the promise of the cloud is that it will replace our expensive, bloated physical data centres. The cloud is the extension of the virtual world, which is going to replace those data centres.
What does not change is that our data - whether it is on a physical or virtual server or the cloud - still needs protecting. It would be nice if that protection, regardless of what is under the covers, could look much the same to us no matter what the environment. In our last emerging products review we saw that working out well for virtual data centres. Several, if not all, of the vendors I spoke with last time told me that an important design goal was to look, act, behave and protect in the virtual, just as we have been used to seeing and using for many years in the physical.
So, this time the question is: Do the vendors of cloud security do the same thing? The answer is, pretty much, yes. The goals of these products are the same. The next question is: How well do they do it and how closely do they mimic the old ways of security in the physical realm? There are a few interesting challenges to answering that one. Firstly, one of the things that we have come to expect in the physical is end-to-end security within the enterprise. That means that we need to secure everything - from the endpoints to the perimeter gateway. Additionally, we need to look at email, web, malware, etc.
Over time, the notion of defence in depth has matured in the physical world and, to some degree, in the virtual world as well. As long as everything is on-premises, the task of end-to-end security is quite straightforward. However, when we move out into the cloud, it is not quite so simple. The big reason is that we no longer control our environment. We cannot, for both technical and contractual reasons, manage the configuration of the cloud. We may have some control over our individual virtual servers but overall there is nowhere near as much control as we are used to having.
So, the answer may be wrapping our data in security and not particularly caring what happens in the cloud infrastructure itself. After all, we cannot control that, so let's look after what we can control. That is the premise behind most, if not all, of the products we are looking at in this review.
These products assume that the user cannot control anything, wants a completely transparent experience and just needs to get their job done, conveniently and safely from anywhere in the world. There actually is, conceptually anyway, a simple way to do that. Encrypt everything in the cloud, give an encrypted tunnel to the users, and do not allow them to connect to anything but the cloud. That way the cloud actually protects the user, sometimes from themselves. As we found out, it actually works.
The vendors we looked at address the problem in a variety of ways. Some are specific, while others are much broader. That mimics the physical world almost exactly. So if your big problem is email, and you do not put a lot of data in the cloud, there is a product for you, especially if you outsource your email to a cloud vendor, such as Microsoft.
If you have a broader issue and you are sending everything to the cloud and turning your data centre into one big communications house, you need a different solution to your security problems, and there is one of those here too. Really, the majority of challenges associated with cloud computing are beginning to be addressed - smartly, economically, and best of all, by employing good security practice. I guess this cloud thing is coming of age faster than we thought.