RSA executive vice-president Art Coviello (pictured) announced the RSA Cloud Trust Authority at the opening keynote of the 20th RSA Conference in San Francisco overnight while he touted virtualisaiton as the answer to securing the cloud.
A portfolio of cloud-based services using technologies across the EMC portfolio including VMware, the Authority would facilitate the secure and compliant relationships among organisations and cloud service providers and would enter beta later this year.
Coviello, who this week relinquished his role as RSA president, reminded the audience of last year's conference theme, "promise of a secure cloud", by extending it to this year's theme of "proving" it.
“The proof comes when by leveraging virtualisation technology, we demonstrate better control and visibility the key elements of trust in cloud environments,” he said. “Virtualisation is the silver lining in the cloud. If leveraged properly virtualisation can also be the pathwy of surpassing the level of control and visibility that physical IT offers.”
Detailing his premise, Coviello said in virtualised environments boundaries were "logical" and information centric rather than "physical"; in clouds security must be built-in and automated and thirdly, security becomes risk‐based and adaptive in the cloud.
“It may seem counter-intuitive to use the technology enabling the cloud, virtualisation, to secure the cloud. But we can,” he said.
To share the proof Coviello invited Richard McAniff co‐president and chief development officer of VMware who launched into a three stepped approach that organisations take when they virtualise: discover, resilience, and security.
McAniff said, "Security systems today are built on the notion of a static infrastructure and applications are attached to this static infrastructure. Virtual machines however are by nature dynamic: adjusting to load, memory usage, storage, compute and networking requirements as defined by an SLA.
"It is critical that we automate many of the security policies especially in a world where applications can migrate from one data centre to another at the speed of light. Security is also built on the pulled rules. It’s critical that we automate many of these security policies. The key to automation is to simplify these rules," he said.
In response, Coviello said the challenge wan't providing that visibility and control, but doing so across multiple providers.
"Organisations will likely partner with multiple SaaS, PaaS and IaaS cloud providers, it would be useful to achieve control and visibility without having to implement multiple point‐to‐point integrations to achieve that goal; hence, the introduction of the RSA Cloud Trust Authority."
The beta which goes live later this year would see an initial Identity Service powered by VMware’s forthcoming Project Horizon designed to enable a customer to manage secure user access and user provisioning to multiple cloud providers via federated single sign-on and directory synchronisation.
Compliance Profiling Service which used Archer GRC platform will be engineered to enable customers to view the trust profiles of various cloud providers against a set of common benchmarks developed by the Cloud Security Alliance among other security frameworks.
* The writer attended RSA Conference as a guest of RSA.