We’re a few weeks away from the RSA Conference 2010 in San Francisco where I expect the hot topic will be cloud security. Yes, I’m biased, but let’s face it, cloud computing is here to stay. It provides real business value streamlining hardware and software while simultaneously giving IT budgets some breathing room. And it fundamentally changes IT infrastructure and therefore, thus changing the way we secure data.
Yesterday’s security threats used to damage computers and networks. Today’s threats want to steal data and information – credit card numbers, social security numbers, financial information, etc. To confound things, businesses and consumer alike are inundated with data. The amount of data running through today’s global networks is currently being measured in petabytes. Not only is there a lot of data, but it’s now mobile. We have multiple devices on the client side – laptops, netbooks, tablet PCs, smart phones – all capable of receiving data and using applications that reside in the cloud. Data no longer resides on just one server or device. So, how can we ensure that such vast amounts of information are indeed secure? Especially given that at Trend our philosophy has always been to ensure the safe exchange of data and information.
To protect customers from threats from the cloud, Trend turned to the cloud itself to deliver the Smart Protection Network. We needed to overcome two challenges: 1) the explosion in volume of malware and 2) the proliferation of different network devices in the workplace. The cloud allowed us to block threats in the cloud rather than at the device level where giant-sized pattern files would have choked emerging net-based devices. The Smart Protection Network would not have been possible without the cloud as the real-time correlation of threats requires high-performance computing and the goal is to block threats before they leave the cloud itself.
Some in the industry argue that cloud computing will result in security consolidation. But I don’t see this happening. When every layer is decoupling, how can security possibly consolidate? Security needs to be present at every layer to be effective. And what matters most is the protection of data. Businesses don’t care where their data is coming from, but they do care how it’s protected. Businesses today need to ask their cloud providers the following key questions:
- Where is my data?
- Who’s accessing my data?
- Is my data being modified?
This new environment requires security innovation. This innovation has to be evolutionary rather than revolutionary. IT departments want to leverage the cloud, but security that “fits” their needs has to be there for them to make this jump. They also realize that if they don’t make a Secure Cloud available to their internal customers, those customers will go around them and get access to the cloud without them, and perhaps without the security that’s required to ensure adequate protection. We see the need for security innovation in the following areas as they are all focused on the movement of data across physical servers, endpoints and devices:
- Cloud computing, including SaaS, PaaS and IaaS
- 3G network/net devices
If you’d like to learn more about where Trend is going in these areas, please come by our booth at RSA. I’ll be on hand along with my esteemed colleagues, Raimund Genes, Wael Mohamed, Steve Quane and Tom Miller to answer your questions about securing the cloud.
RSA 2010 iPod touch sweepstakes clue #1: Deep Security with CPVM