Cloud security, cyber war loom over RSA Conference
Friday, March 5, 2010 11:15SAN FRANSISCO — Cloud security loomed over the RSA Conference this week as a major concern of business, but worry about the threat of cyber war was also strong, with officials from the White House and FBI weighing in to encourage private participation in government efforts to defend information and communications networks.
During the highest profile panel at the conference, a former technical director of the National Security Agency bluntly said he doesn’t trust cloud services. Speaking for himself and not the agency, Brian Snow said cloud infrastructure can deliver services that customers can access securely, but the shared nature of the cloud leaves doubts about attack channels through other users in the cloud. “You don’t know what else is cuddling up next to it,” he said.
[ Microsoft CEO Steve Ballmer is betting Microsoft's future on the cloud. | Security vendor McAfee warns that cyber criminals are targeting source code management systems. | Keep up on the day's tech news headlines with InfoWorld's Today's Headlines: First Look newsletter. ]
In his keynote address, Art Coviello, the president of RSA, the security arm of EMC, agreed that customers need to be assured the cloud is safe. Coviello told the 4,000 attendees gathered for his talk that cloud services will inevitably be adopted widely because of the huge financial benefits they offer. “But you won’t want any part of that unless service providers can demonstrate their ability to effectively enforce policy, prove compliance and manage multi- tenancy,” he said.
The big problem is trust, he said. His own company announced at the show a partnership with Intel and VMware to improve trust by enabling measurement of cloud providers’ security. The effort would let customers of cloud infrastructure services weigh the security of the service and get metrics to deliver to auditors who are sent to determine whether businesses comply with government and industry security standards. “Service providers should be able to tell compliance officers and auditors just about anything they need to know — with verifiable metrics,” Coviello said.
But warnings about other cloud threats came through loud and clear. At the Cloud Security Alliance (CSA) Summit held earlier in the conference, for example, the CSA announced a report on its top concerns about cloud security, and they were major, including documented use of cloud infrastructure-as-a-platform to launch botnets.
