The number of malls in the city of Bangalore has increased considerably over the last year with a spate of new shopping malls opening across the city. This weekend, my wife and I decided to check out one of the new malls that opened close to our house.
We normally get our groceries from the nearby local grocery store. We have been buying from this store for many years that the shop owner was now like a family friend of ours. Not only does he know lots of our family details but also knows exactly what variety and amount of rice, wheat or pulses that our family needs for a month. So whenever we visit his shop, we would have our regular list of groceries and he would remind us about anything that we missed. We never had the need to check the bill and verify the items or prices. We trusted the shop owner that he would have done it right and applied all the discounts for us. If it all anything was missing, we would always get it adjusted in our next visit.
The department store in the new mall had pretty much everything under the same roof – groceries, vegetables, fruits, processed food, garments, shoes, electronics and electrical items. We bought a cart full of items – some of which we actually needed and others that the “buy one get one free” offers made irresistible. The man at the counter never knew us nor was he interested in knowing about our family details or the variety of rice that we preferred. He scanned all the items and gave us this long bill. Once we reached home, my wife checked the bill against the items – to verify that we got all the items and all the discounts as well as “buy one get one offers” applied correctly in the bill. As for her, she trusts the local grocery store but not the department store at the mall!
From a user perspective, cloud computing is like the superstore in the mall which is providing a large catalog of essential services. The provider is servicing multiple clients and making it harder to maintain data integrity and privacy, support data and service availability, and demonstrate compliance for individual clients.
If you look at any of the cloud presentations or customer surveys or analyst reports you will find the top most concern that everybody seems to agree on as a challenge with cloud is security. But when we probed our customers further, the real reason was not essentially security but trust. The need is for transparency and visibility to the resources to allow the customers to make cloud a core component of our IT infrastructure. The cloud consumers want their cloud providers to give them a view of their security compliance and risk posture in the cloud. To gain the trust of organizations, cloud services must deliver security and privacy expectations that meet or exceed what is available in traditional IT environments.
What is required is that the provider must ensure that the infrastructure is secure and that their clients’ data and applications are protected, while the client must ensure that the provider has taken the proper security measures to protect their information. In fact, in most cases, the cloud environment is even more secure than a traditional datacenter and the security standards and technologies implemented by the cloud provider surpass the enterprise-class security currently implemented by some companies. The challenge is how to make the consumer aware of this built-in security in the cloud and win the trust of the customer.
So what can the vendors do to win the trust of the clients so that they adopt Cloud?
Trust in cloud can be established with the same principles that we use for traditional service management (read my earlier post on Cloud Computing Central for details):
- Visibility – The ability to see everything that’s going on across the infrastructure
- Control – The ability to keep the infrastructure in its desired state by enforcing policies
- Automation – The ability to manage huge and growing infrastructures while controlling cost and quality.
While control and automation are important, how to provide visibility to their clients is the challenge providers are grappling with. There are also quite of lot of tools and technologies already available that integrate security with the cloud management stack that address the control and automation requirements.
Visibility in the context of security is the ability to show what’s happening with the client’s resources on cloud – including the infrastructure, the data, the people and the applications as well as the endpoints. With visibility, cloud customers are guaranteed that only authorized persons have used specific infrastructure, information and applications as well as how they have been protected for confidentiality and privacy. With a well designed cloud security framework, the service providers can provide their customers not only the visibility to their resources but also the ability to meet their security mandates (such as PCI or HIPAA) to run regulated workloads on cloud and even allow independent audits. Such a Trusted Cloud would be what the customers would love to put their workload on.
But for the cloud service provider, doing all of these would mean lot of manual processes to address audit and governance requirements for multiple customers. This would be quite time consuming and repetitive in nature apart from being resource intensive, costly and generally a motivational drain for everyone involved.
This is where the IBM Security Intelligence Platform comes in handy. For instance it is easy to leverage IBM QRadar Security Information and Event Management (SIEM) capabilities for managing the logs of virtual infrastructure as well as building the security intelligence for your cloud. With this capability, the security logs from all the virtual and physical appliances and hypervisors as well as management tools in the cloud can be collected and correlated in near real-time to provide security intelligence.
While my wife is still verifying the superstore bill to make sure that we got all the “buy one get ones” we know the corner shops are becoming a thing of the past with few things to offer and the mall is fast becoming the choice of users for most other things. Likewise with trusted clouds that have built-in security intelligence and visibility, we will see more customers moving several of their workloads to cloud.