Vinay Wagh of The Datacenter Journal recently discussed why “secure public cloud” is not an oxymoron. In his article, he points out that cloud data security is still a large barrier for many enterprises.
Traditionally, security has been about physical control, but that no longer holds in the cloud. Mr. Wagh comments, “security and IT organizations must come to terms with the fact that they no longer have direct control over the physical infrastructure of their cloud operators when it comes to securing their assets, apps and—most important—data that is now distributed among private cloud, public cloud, SaaS, PaaS, IaaS and MSP environments accessed by millions of end points.” Not only is data distributed, but cloud service providers and enterprises now operate under a shared-responsibility model: the provider secures the underlying infrastructure, while the customer remains responsible for the data, identities and configuration placed on it.
Mr. Wagh prescribes a data-centric security model for cloud data management. He highlights the following capabilities that such a model needs:
- Ability to create an independent virtualization layer that isolates applications and data from other tenants
- Ability to enforce security policies across any boundary consistently
- Programmability, which Mr. Wagh defines as “essential security services—such as automated network configuration policies to ensure that no resources can ever be launched in an Internet-facing mode—must be logically “baked into” software. Doing so ensures that all data is opaque and inaccessible, even to the underlying public-cloud provider, while still allowing enterprises to fully employ the capacity offered by cloud operators”
- Ability to offer always-on, always-enforced security measures that are in many ways transparent to the user
- Ability to define and establish “trust anchors” that allow the enterprise to enforce security across platforms
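One concrete form of the “baked into software” programmability Mr. Wagh describes is a launch-time guardrail that refuses any resource definition that would be reachable from the Internet. The following is an added example written for this post, not code from Mr. Wagh's article or from any cloud provider: it evaluates a constructed, provider-neutral resource schema (the `name`, `public_ip`, `scheme` and `ingress` fields are assumptions) against an allow-list of private source ranges, so the same check can run in front of any cloud's API.

```python
"""Launch-time guardrail: reject any resource definition that would be Internet-facing.

Added example for this post (not from Mr. Wagh's article). The resource schema
and sample definitions below are constructed for illustration and do not match
any real provider's API.
"""
import ipaddress
from typing import Any, Dict, List

# Only these source ranges are acceptable in an ingress rule. Anything outside
# them (including 0.0.0.0/0 and ::/0) is treated as Internet-reachable. An
# enterprise would extend this list with its own VPN or office egress ranges.
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("fc00::/7"),
]


def source_is_private(cidr: str) -> bool:
    """True only if the whole CIDR lies inside one of the allowed private ranges.

    Raises ValueError for a string that is not a valid network, so a malformed
    rule cannot slip through as 'not Internet-facing'.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return any(
        net.version == allowed.version and net.subnet_of(allowed)
        for allowed in ALLOWED_SOURCES
    )


def check_resource(resource: Dict[str, Any]) -> List[str]:
    """Return every policy violation for one resource; an empty list means it may launch."""
    violations: List[str] = []
    name = resource.get("name", "<unnamed>")

    # Hypothetical field: a directly attached public address.
    if resource.get("public_ip", False):
        violations.append(f"{name}: public IP address requested")

    # Hypothetical field: load-balancer scheme, as opposed to 'internal'.
    if resource.get("scheme") == "internet-facing":
        violations.append(f"{name}: load balancer scheme is internet-facing")

    for rule in resource.get("ingress", []):
        src = rule.get("source", "")
        port = rule.get("port")
        try:
            if not source_is_private(src):
                violations.append(
                    f"{name}: ingress on port {port} from {src} is reachable from the Internet"
                )
        except ValueError:
            # Fail closed: an unparseable source is a violation, not a pass.
            violations.append(f"{name}: unparseable ingress source {src!r}")
    return violations


def enforce(resources: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Evaluate a whole deployment; returns {resource name: violations} for those that fail."""
    failed: Dict[str, List[str]] = {}
    for resource in resources:
        violations = check_resource(resource)
        if violations:
            failed[resource.get("name", "<unnamed>")] = violations
    return failed


# Constructed sample deployment: one obviously exposed host, one compliant
# internal service, and one that looks private but admits a public source block.
SAMPLE_RESOURCES = [
    {"name": "web-01", "public_ip": True,
     "ingress": [{"port": 443, "source": "0.0.0.0/0"}]},
    {"name": "api-internal", "public_ip": False,
     "ingress": [{"port": 8443, "source": "10.20.0.0/16"}]},
    {"name": "db-01", "public_ip": False,
     "ingress": [{"port": 5432, "source": "198.51.100.0/24"}]},
]

if __name__ == "__main__":
    for name, problems in enforce(SAMPLE_RESOURCES).items():
        print(f"BLOCKED {name}:")
        for problem in problems:
            print(f"  - {problem}")
```

Two design choices matter here. The check is an allow-list rather than a search for `0.0.0.0/0`, because a rule such as `198.51.100.0/24` is just as Internet-reachable as a wildcard yet would pass a naive string match. And a source the parser cannot interpret is reported as a violation, so the guardrail fails closed; an “always on, always enforced” control that silently passes malformed input is not enforced at all.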
Mr. Wagh summarizes, “security measures must move with the data while giving enterprises full independence from the underlying infrastructure provided by cloud service providers. In addition, these security measures must provide cloud customers with a root of trust under their direct control, as well as consistent security policies regardless of where data resides.”
Share your thoughts.