It's time again to look in the cyber-crystal ball
Peter Stephenson, technology editor, SC Magazine
As most of you know, the Emerging Products group is one of my favorites, and now that we've changed up the format I get to see the newest toys in whatever category we're looking at – in this case virtual and cloud security – in a bit more detail than in the older format. That's pretty good news this time because the entire field of virtual and cloud security is really in its infancy. That means that a close look at what is coming out now is a look at what the future might look like.
In this case the future looks mighty interesting. There are several trends that are beginning to emerge that are worth mentioning. Probably the most interesting is the acknowledgment that not all virtual data centers are all virtual. Some are hybrids, meaning that there still are some physical devices hanging around and they need to be managed just like – and, preferably, under the same pane of glass – as the software devices.
"...we are beginning to see cloud services that are secure versions of remote storage providers..."
The second trend – and this has been coming for a while – is that it now is quite practical to secure VMs in the cloud just as one would in one's own software data center. This is important because security in just about all public cloud implementations is the responsibility of the customer.
Another trend that I find interesting, but that is not as widespread as we would expect, is the use of sophisticated analytics. To clarify, not as widespread in this group. However, Judy Traub, our intrepid project manager and a pretty geeky lady in her own right, did a bit of looking at products that do behavior analytics – that is what we're talking about here – and came up a batch that fit the description. So this is a trend, but not one that is obvious for the products that we look at this month.
While this probably is not a trend, we are beginning to see cloud services that are secure versions of remote storage providers, such as DropBox. The problem in the past is that if you wanted to add significant security features to one of these, you were forced to give up some functionality in favor of security. Now, we are beginning to see providers that offer both the functionality and the security.
So what does this portend? First, this is a major step toward the maturing of the software data center. Being able to secure a virtual environment in a public cloud is a very big deal. If we, as users, have to take the responsibility for security, we need the tools to do that. In a public cloud, there are real limitations on what we can and cannot do. The evolving trend in that regard has been to provide increasingly granular tools that depend less and less on anything controlled by the cloud provider.
Second, it removes one of the last barriers to moving to the cloud: lack of trust. When asked why they have not moved to the cloud, a decreasing – but still important – number of businesses quote security as their main concern. If we think of a software data center simply as a private cloud, we find the same issues. So, public or private, a virtualized – cloud – environment needs a granular solution to the risks posed by weak security.
And just because it's your cloud does not mean that you can be any less vigorous defending it. You may have control over the hypervisor – you don't in a public cloud, of course – but you still have a shared environment. It's just that now you know who the players are.