By leveraging virtualisation technology, organisations can achieve better control and visibility in the cloud, an information security leader said during Tuesday's opening keynote at the 2011 RSA Conference in San Francisco.
“It may seem counterintuitive to use the technology enabling the cloud, virtualisation, to secure the cloud,” said Art Coviello, executive vice president of EMC and president of the company's security division, RSA. “But virtualisation is our silver lining in the cloud.”
Organisations are rapidly adopting cloud computing technologies due to business demand, Coviello said. Despite the advantages that cloud computing provides, security practitioners are growing increasingly concerned about their ability to safeguard, govern and manage data in the cloud.
It is widely accepted that perimeter defences are no longer adequate and protecting data is critical, Coviello said. Virtualisation transforms physical perimeters into dynamic, logical boundaries and can improve security by causing it to become an information-centric endeavour.
Also, virtualised environments will allow security to be built-in and automated, he said.
“Achieving this means building security into virtualised components and, by extension, distributing security throughout the cloud,” Coviello said. “Automation will be absolutely essential to enabling security and compliance to work at the speed and scale of the cloud.”
Meanwhile, static security approaches can no longer address evolving threats, such as zero-day malware, he said, adding that virtualised environments can aid this problem by making security risk-based and adaptive.
“In the near future, trusted clouds will employ predictive analytics based on their understanding of normal states, user behaviours and transaction patterns to spot high-risk events and allow organisations to proactively adapt defences,” Coviello said.
The vendor community has been working to apply security principles to their solutions and enable a secure, trusted cloud, he added. If leveraged properly, virtualisation can ultimately surpass the level of control and visibility provided by physical IT.
“You can achieve safety in the cloud,” Coviello said. “We can fundamentally do security differently and better.”