Cloud computing and virtualization will reshape IT security as the world knows it, and the proof that the cloud can be secure is already starting to bubble to the surface, RSA executive chairman Art Coviello told a jam-packed room of thousands during his opening keynote at RSA Conference 2011.
And to adapt for the inevitable shift to cloud and virtualized systems, RSA, VMware and others are teaming up to launch new security services to ensure data and information moving and stored in cloud and virtualization environments is secure.
"Last year, my keynote was about the promise; this year it's about the proof," Coviello told thousands of security pros.
Cloud computing has created an interesting paradigm for security: More information is being created, the physical infrastructure is dissolving and identities are proliferating. Regardless, Coviello said, the goal of security remains the same, to get the right information to the right people unhindered and uninterrupted.
"It may at first seem that cloud and virtualization may confuse the problem," he said, later adding that despite the concern, confusion and uncertainty, cloud computing and virtualization have become a reality. "Regardless of fear and uncertainty, businesses are moving to the cloud anyway."
Calling virtualization "our silver lining in the cloud," Coviello said virtualization can create a new level of control not available in physical environments. First, in virtualization and cloud environments, security becomes information-centric. Second, security becomes built-in and automated. And third, security becomes risk-based and adaptive.
Richard McAniff, chief development officer and co-president at VMware, said there are three distinct phases to the virtualization journey affecting how security is perceived: capex, resiliency and agility.
"We need to think about security in a fundamentally different way," McAniff said, noting that historically, security systems were built on the notion of static infrastructure with applications built on top of it. Cloud computing and virtualization changes that as the movement of security policies become automated and users are connected to information regardless of physical infrastructure.
In order to protect information and users in the cloud and in virtual environments, McAniff said vendors need to work together to create a security ecosystem.
"If we're going to work together to keep the bad guys out...we need a little help from everyone."
In the spirit of teamwork, Coviello gave RSA Conference 2011 attendees a sneak peek at the RSA Cloud Trust Authority, an upcoming set of services that RSA and VMware will launch to provide visibility, control and security to cloud computing and virtualization environments. The RSA Cloud Trust Authority, which will see its first set of services launch in the second half of 2011, will offer visibility and control into identity, information and infrastructure. Along with RSA and VMware, Cisco, Intel, Citrix and others will be part of partnership.
"Trust in the cloud, it is achievable; not in the distant future, but today," Coviello said. "Virtualization and the cloud will change the evolution of security dramatically and positively in years to come."