Virtualize Securely - VM Introspection and Automated Security in Action

Johnnie Konstantas

Subscribe to Johnnie Konstantas: eMailAlertsEmail Alerts
Get Johnnie Konstantas: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Blog Feed Post

Dear government, legislate cloud security now

Organizations need a reference architecture by which they can size up cloud computing architectures.

Microsoft has been making headlines lately advocating for data privacy and protection in cloud computing with the US Congress. Their efforts, coupled with the recent breaches seen at Amazon’s EC2 and Google China, highlight the enormity of the risks associated with taking data to the cloud.

I believe there is a general consensus that cloud computing is here to stay — the economic benefits and breadth of offerings are much too compelling. In fact, even Vivek Kundra, before becoming the CIO of the federal government, implemented the use of cloud services as chief technology officer of the District of Columbia. Microsoft is right to raise the alarm here. As I see it, we’re already behind the pace for protecting our cloud-based data.

Here is the situation. There are 85 cloud service providers and counting. Their offerings span SaaS, PaaS, IaaS, cloud monitoring and management, specialized hardware and any combination thereof. For consumers of these services, even the best informed customers can be confused as to what the provider offers in terms of cloud security, what they are securing in the cloud, and who is responsible for configuring and managing that security (the cloud computing user or the service provider).

Next you have different types of clouds — private, hybrid, public etc. Cloud management can span multiple departments, organizations and entities so implementing security consistently is extremely difficult.

Finally, cloud adoption is outpacing forecasts. The state of the economy is fueling cost cutting in the form of data center consolidations, IT cutbacks and outsourced services all of which promote cloud adoption and at rates more rapid than initially forecast. See Gartner predicts that 20% of all businesses will own no IT assets by 2012.

Bottomline — The only answer today of how secure is data in the cloud is “It depends.” What cloud service is being used? Who is the cloud provider? How much of the cloud is outside one’s control?

“It depends” may be a satisfactory answer when referring to Facebook photos and hosted email, but it is wholly unacceptable if cloud computing is to become the de facto architecture that banks and healthcare providers, for example, trust for their data centers.

So while Microsoft is calling for federally mandated updating of legislation that protects our information in the cloud, those adopting clouds today need to do their homework to know what “it depends” means for their particular use case. The rest of us need to get a move on. Organizations need a reference architecture by which they can size up cloud computing architectures. And to our government, citizens need you to insure their piece of the cloud.

Read the original blog entry...

More Stories By Johnnie Konstantas

Johnnie Konstantas heads Gigamon’s security solutions marketing and business development. With 20+ years in telecommunications, as well as data and cybersecurity, she has done a little bit of everything spanning engineering, product management and marketing for large firms and fledglings.

Most recently, she was the VP of Marketing at Dato, a company pioneering large-scale machine learning. She was also VP Marketing at Altor Networks (acquired by Juniper), an early leader in virtualization security and at Varonis Systems. Past roles have included product management and marketing for Check Point, Neoteris, NetScreen and RedSeal Systems.

Johnnie started her career at Motorola, designing and implementing large-scale cellular infrastructure. She holds a BS in Electrical Engineering from the University of Maryland.