RSA challenges traditional Cloud computing thinking security need evidence don't promise

Mr. Asser Covillo, Executive vice President of EMC Inc., EMC Information Security Division, and executive chairman of the RSA Board of Directors, NYSE:EMC at the opening keynote address of the RSA Conference, described how to end the corporate strategy of cloud computing's lack of trust. Because of the lack of trust, many enterprises always hesitate to deploy mission-critical applications in the cloud environment.

Not just through keynote speeches, but also in the new EMC Vision Book (EMC Vision Monitors), released today, entitled "Proof of Commitment: Building a trusted cloud," EMC has challenged traditional cloud thinking. EMC firmly believes that the cloud can meet the requirements of any business process for information security, compliance, and performance, even if the strictest requirements, such as PCI, are no exception. However, to make the cloud credible, you must be able to personally inspect and monitor the actual situation of the cloud, not just external proof. Such a credible cloud can be achieved only by rethinking the long-standing idea of information security and using existing technologies in an innovative way.

Figure: RSA 2011 conference scene, full 20,000 people packed

Mr. Covelo said: "Today, the primary information security challenge for enterprises leveraging the cloud environment is to make the cloud controlled and visible, which is the fundamental issue that EMC is committed to addressing." Our commitment is that you can achieve cloud security and that we can fundamentally achieve information security in ways different from the past. If we can achieve the control and visibility of these key elements of building trust in virtualized cloud environments, this can be verified whether this cloud environment is internally managed or provided by external partners, proving that such trust can be built.

In the past few decades, the IT computing model has shifted from mainframe, customer-server to Web. As with these transformations, says Mr Covelo, the fundamental goal of virtualization and cloud computing is security, and that has never changed, that is, in a manageable and manageable system, the right information is provided to the right people through a trusted infrastructure. However, because of the vastness of virtual rather than realistic cloud infrastructures, there are a number of variables in the 3 aspects of information, identity, and infrastructure that are the status of the IT sector, which also leads to control and visibility issues.

Mr. Covelo said: "Virtualization is a glimmer of light in the cloud, because virtualization enables the cloud to transcend the degree of control and visibility that real IT systems can provide." By consolidating multiple systems onto a single platform, the enterprise obtains a centralized control point to manage and monitor the components of all virtual infrastructure. "

Mr. Covelo that the proper use of virtualization as a tool makes the entire virtual environment of the enterprise unparalleled visibility and controllability, and transforms it into an indispensable resource for improving information security and compliance. There are 3 ways to properly use virtualization:

Logical AND information-centric security, defining logical rather than physical boundaries, and focusing on protecting sensitive information and transactions rather than infrastructure. Security is essential for

to be built into the infrastructure and applications, while security management controls are highly automated to make information security and compliance work at the speed and scale of the cloud. Implementing such security means placing security in a virtualized component and extending it to spread security across the cloud.

based on risk and adaptive security, enterprises can reduce their reliance on static rules and features, and instead use real-time data analysis to predict security risks and make adjustments proactively.

Mr. Covelo finally said: "In these 3 ways, we can achieve a higher level of control and visibility to produce key evidence, and if you want to build trust, then this evidence is on the line." The first time an enterprise can check and verify that each situation is the highest standard of a trusted cloud. This is a standard based on evidence rather than commitment. The