Yesterday I was an invited speaker at the Cloud Expo Europe 2009. I spoke about “Securing Virtualized Database Assets” highlighting many items covered in an earlier post. It was interesting to be part of a forum that is substantially different from the Information Security forum – no big vendors like McAfee or Symantec. IBM were at the Cloud Expo and Bob Sutor gave a strong keynote. A few of the exhibitors were organizations providing hosting, whilst others were Linux distribution companies (e.g. RedHat and Ubuntu).
The security of a Could computing environment requires the same care and attention to other platforms. As BT's Bruce Schneier says, cloud computing is like existing outsourcing arrangements which require an element of "trust". Cloud computing also provides opportunities for security vendors. It allows them to make use of utility computing plus shared intelligence to provide a higher quality protection in a shorter time window. This approach of putting security in the cloud is what [Trend Micro CEO, Eva Chen, spoke about on our panel session at RSA last month. The collective intelligence plus the accessible compute power provided in a cloud environment can be deployed for non-realtime security functions like email scanning.
There is still much to be sorted out for how data access in the cloud can be performed in a uniform and secure manner. Those organizations that are hosting virtualized databases in the cloud must ensure they are adequately protected.