Security for the Cloud

In the past several weeks I blogged about the cloud computing market, virtualization trends, and the mobile and technology trends that cut across them, including identity management and provisioning.

Today I’ll touch on security. In my post here I discussed the concept of security for everything “outside the company’s walls”, which is what both cloud and mobile encompass. In retrospect, this is incorrect, since private cloud has a large impact on internal IT provisioning inside the firewall as well, and cloud security actually starts with security inside the data center first.

In any case, cloud and mobile security require a few things:

• Virtualization security. Underlying the private cloud are hypervisors from VMWare, MSFT and others. The key to private cloud enablement is vendors focused on securing virtual workloads and virtualized data centers. These include Catbird, Hytrust, Reflex Systems, Altor and others. Some of these issues are discussed in this Network World article.
• Securing SaaS applications. Many private cloud-based applications are offered to users via a browser, and of course public cloud-based applications are as well. Therefore, protecting that interface is key for cloud security.
   
• Data security. Once you start talking about the public cloud or hybrid clouds, you need to ensure you have serious data encryption and understand security compliance standards at the third party data centers where your data resides.
   
• Device management and security. For mobile, it’s key to run software that secures the actual mobile device. You should enforce policy concerning what should be placed or not placed on each device. Encrypt and enable or disable applications on mobile devices as appropriate. Vendors like Mobile Iron and Zenprise (both backed by venture capital investment) along with others are players in this space.