Thales Blog

Cloud Security: Not Necessarily an Oxymoron

August 20, 2013

Unless you've been living under a rock for the past few months, you've realized that George Orwell was right: Big Brother is watching. It all started with the PRISM news (well, not really, but as far as most of the mainstream news media and the world is concerned, it started there), was reinforced almost immediately by Project XKeyscore revelations and then cemented by Google's assertion last week that those who email Gmail users have "no legitimate expectation of privacy." Talk about adding gasoline to a brightly burning fire!

To say that there's been outrage over this topic would be an understatement. This is especially true in Europe, where privacy concerns around US cloud providers are shifting into high gear and may well expand quickly around the globe. Well, whether anyone likes it or not, surveillance programs aren't going away anytime soon. What will be changing —and fast — is the amount of scrutiny around HOW cloud service providers are locking down their customers' sensitive data. My personal belief is that CSPs will be compelled to prove (not just say) that their customers' sensitive data is not exposed in any way; to do this, they're going to have to demonstrate how their data security technologies and access policies can prevent data breaches from both external attackers and privileged users like Edward Snowden. (I also have a high degree of confidence that CSPs who can't provide customers with verifiable security assurances will find themselves in serious business trouble before the end of 2014.)

Now, there are certainly companies in the market that saw the importance of cloud security early and took it upon themselves to "bake in" the necessary security technologies, access control policies and monitoring/reporting capabilities. A few that come to mind include IBM (specifically, the IBM SmartCloud initiative), Virtustream (with its Enterprise Class Cloud offering) and Rackspace (with its Enterprise Cloud solution). Given where things are headed, my bet is that these companies will gather significant momentum in the coming months and that others will jump on the cloud security bandwagon as fast as they possibly can.

If the incoming calls I've gotten over the past month are any indication, I'm confident that cloud security will be one of the hottest topics at VMworld in San Francisco next week and that gathering real-time security intelligence based on predictive data analysis will be a key sub-theme. So, if cloud security is on your mind, please stop by our VMworld booth (#225) for a chat. We'll be demonstrating our Vormetric Data Firewall technology, talking about our new partnership with Splunk, sharing use cases in both public and private cloud environments, and helping prospective partners and customers find a clear path to trusted cloud environments. We'd be more than happy to answer any cloud security questions you might have.