www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
12 July 2010  

“Adoption is quicker in the lower-end applications”

Bret Hartman, CTO, RSA, discussed cloud security and what was keeping IT heads from using the cloud more extensively with Subhankar Kundu.


Bret Hartman

What's your take on the security concerns that IT heads have regarding the cloud?

From a CIO’s perspective, the advantage of cloud computing is huge in terms of cost. Startups, mostly SMEs, are mostly on the cloud model. The reason is that the business model of startups is more tolerant of security concerns.

Security officers or risk officers of any organization are worried about the data protection aspects of the cloud model. When I talk to them, they often ask me if their data is protected on the cloud or to what extent the risk can be managed. These are pertinent questions that we should answer with full clarity. Our focus has primarily been on providing robust security and addressing the concerns of CIOs with regard to cloud computing.

It’s about minimizing those risks because the CIOs can then embrace this emerging technology.

Having said that, any new technology will have its share of concerns, which is a natural part of any technology transition. Also, the cloud services that exist today do not have the right things in place.

What are the main areas where these risks need to be addressed?

The three areas where you can address risks are visibility, control and compliance. While talking about visibility, enterprises should be able to see that the sensitive content deployed by the provider has been protected. The second aspect is control, which entails that enterprises should be able to set policies in such a way that they get full control over who is accessing the content. They don't want the service providers to figure that out; they would definitely like to control it themselves. The service providers have to ensure that they align with the enterprises’ data access policies. The third area is that of compliance. Enterprises always have the same kind of compliance concerns and there are mission-critical issues that crop up regularly. There are cases where some data dwells in data centers and some on the cloud. The challenge for providers is to demonstrate the compliance of their offerings in such complicated environments. None of these issues are particularly well-addressed today.

CIOs from verticals such as BFSI or government often opine that the cloud is still an immature model on which they cannot rely but providers are going gaga over the concept. So, what’s the future of cloud computing in such an industry environment among stark differences of opinion?

Verticals like BFSI or government have mission-critical applications and sensitive data and there are security concerns. I am not saying that the cloud is not being adopted at all and that demand will suddenly explode in the future.

There are certain factors that will drive gradual adoption over the years. The adoption will be quicker in India because the business culture here allows enterprises to go in for emerging technologies. The last part would be to ensure that we have the right technologies in place and keep expanding operations, going for the right partnerships and addressing the specific needs of different verticals. There is a need to deliver focused product offerings for the enterprise cloud segment. Some providers who are focusing on these critical aspects are to be relied upon but they are few in number.

The adoption is quicker in the lower-end applications which are not vital ones. With these, nobody really cares about risks. However, it saves money to move these applications to the cloud.

What I would emphasize is hardening the virtual environment, having access controls in place, having strong authentication, strong interoperability and world-class standards in security. This would help cloud computing to emerge in a big way.

Does RSA have offerings to address these concerns and to ensure robust security in the cloud?

There are three areas of technologies that we focus upon, namely identity, information and security management. Authentication technologies, dark cloud or cyber intelligence, anti-malware offerings etc. are focused on the cloud front. What we do is primarily in the identity space as well as in the information and security space such as encryption or data loss prevention. Risk is subjective as to what different organizations or verticals think is actually risky. We talk to two different banks and we get two different views about high-risk zones like levels of authentication, encryption or login. Therefore, our approach is to have a spectrum of different offerings and allow these enterprises to go for the offering that they perceive is the best.

We have new controls for virtual infrastructure security in cloud environments. Concerns regarding security and compliance have been primary factors in preventing large enterprises from placing production workloads on shared virtual infrastructure in the cloud. Even if enterprises are not ready for the public cloud, many of our clients have expressed concerns over mixing security zones or sub zones on internal private cloud infrastructure. Instead of supporting multi-tenancy, the conservative IT organization isolates security zones using dedicated physical infrastructure.

We are also working on a dashboard to give the flexibility to service providers to offer enhanced flexibility to customers.

Does your Indian R&D center contribute significantly to your global offerings?

Indian R&D is big in terms of development, area and head-count. The engineers here at the Bangalore COE work on every development, innovation, product or offering that RSA has. This is about connecting things to bring them together to offer the best and India R&D's contribution has been quite significant.

Most of the development activities have come out of Bangalore. Developments like integration of data loss prevention, the whole activity with Intel and VMware happen out of Bangalore. The Indian R&D team is not just working on the existing products; it is also involved in leadership activities for our upcoming products.

 




© Copyright 2001: The Indian Express Limited. All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of The Indian Express Limited. Site managed by BPD.