294 Cloud Computing
protection, this is the biggest concern of organizations
and individuals using these services.
Jim:
As I said before, it’s all about assessing the capabilities and
integrity of the provider that we choose, in addition to
ensuring that they have the security staff and privacy con-
trol and protection expertise that can be leveraged to
make up skill sets and security hardware and software that
either we currently don’t have or can reduce if we are
using a third party. As a recent Gartner report stated,
there are seven primary focus areas that we need to
address with the cloud vendor that we chose: privileged
user access, as I mentioned earlier, regulatory compliance,
data location, data segregation, recovery, investigative
support, and long-term viability. Of course, there are also
many other items that we have to address with a prospec-
tive vendor, which we have included in our assessment
report—I can email it to all of you right after this meet-
ing adjourns.
Danny:
Come on, Jim, are you going to try to tell me that you’ve
accounted for the virtualization security challenges?
Jim:
Actually, yes, I have, Danny. Of course, as security experts
warn, all the vendor activity in the world won’t help a
company that dives headlong into the cloud without
thinking through the risks first, and as long as companies
fail to grasp the nuts and bolts of virtualization, dangers
remain. As Murray will attest to, we have done our home-
work in this regard. You must realize that security in a vir-
tual server environment is different, and you have to
think differently and use different tools to achieve the
same level of security and risk management you had in
the past. Operationally and technically, there’s a lot more
integration and tightening that have to occur. There are
even solutions that protect both physical and logical
infrastructure, and that can provide application-aware
firewalling, inter-VM flow visibility and analytics, appli-
cation policy control, and intrusion-prevention capabili-
ties.
Appendix B.fm Page 294 Tuesday, May 26, 2009 2:09 PM