Neil MacDonald from Gartner often writes and speaks about the security problems around virtualization and now cloud. In the following blog post:
He gives observations from Gartner’s US 2011 Data Center Summit. “Interest in securing the next-generation virtualized data center remains high and the focus is shifting to how to separate workloads of different trust levels”. He believes that we will need software-based virtualized security controls. Different solutions are needed at different layers of the stack from the executing VMs down to the storage, backups, …
He also raises two important points:
- “In terms of cloud security, most questions revolved around extending enterprise virtualized data centers to public cloud IaaS providers in hybrid scenarios and how to protect this.”
- “The second most common cloud security issue discussed was the use of encryption and other approaches to securing data in the cloud. Since cloud isn’t one thing, our approaches to securing data in the cloud will be different at different layers.”
This echoes what I hear in many of the conversations I've had over the last several months. There is an overwhelming desire to utilize the public cloud but much caution around how to do so securely. The more savvy organizations are not going to put anything in the cloud if it’s not encrypted, and they want to hold the keys. When asking one specific enterprise what they thought about S3 encryption, the answer came down to key management – if they don’t hold the keys, it’s of no use to them.