News

RSA Keynote: Cloud's Future Depends on Security

Cloud computing has the ability to complete the transformation of information technology that was started by the Internet, but its success depends on security, said Art Coviello, RSA president and EMC Corp.'s executive vice president, on Tuesday in his opening keynote of this week's RSA Security Conference.

"The journey to the cloud is inevitable, and we are going to have to secure it," he said.

Cloud computing has the ability "to make sweeping changes in the infrastructure" by freeing organizations of the need to spend two-thirds of their IT budgets on basic expenses. Instead, they can invest in resources on-demand, he said. "But we have to be careful we don't end up in security hell."

Scott Charney, Microsoft's vice president of trustworthy computing, said cloud computing has new implications for the company's 9-year-old Trustworthy Computing Initiative. It moves the goal of end-to-end trust out of the PC or the enterprise and into a new environment where no one entity has access or authority. Identity authentication and privacy will be the key elements in enabling cloud computing, Charney said. 

RSA has announced an initiative with VMware, Intel and Archer Technologies to enable the visibility into cloud security that will be required to ensure that policy and regulations can be enforced in the virtual environment. Microsoft has announced that it is making cryptographic algorithms for its U-Prove minimal disclosure ID management scheme available for use under an open source license.

Coviello said the security industry has the opportunity to ensure that security is built into cloud computing from the beginning so that it can be used to its full potential. "People must be able to trust the cloud," he said.

In this early phase, there is little critical information and few critical applications being used in the cloud, so security requirements have not yet been demanding. But as adoption expands and risks increase, "security will get pushed down the stack, deep into the virtual layer," he said. As resources are outsourced, the ability to enforce and document policies, and demonstrate regulatory compliance will be needed, he said.

The movement of data into a virtual environment not controlled by individuals requires a rethinking of how we approach identity management, Charney said. Enabling security along with privacy requires the ability for a user to prove the minimum necessary information about himself during a transaction, without exposing unnecessary information. That is the purpose of the U-Prove scheme. It is "claims-based" identity system based on proving certain claims about the user without including the entire identity if not necessary.

Charney warned there are also social, political and legal issues that will have to be addressed as more data moves into the cloud.

"The cloud has the ability to alter the balance of power between the individual and the state," he said. "Everything will go to the cloud. Government and litigants can go to the cloud and get that information without coming to the individual."

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus