McAfee Sees Identity As Key To Cloud Security
As the cloud evolves, vast networks of relationships, contacts and services can be protected by requiring others to be identified first as legitimate before joining, similar to how people must get permission to connect with others on Facebook or LinkedIn, Scott Chasin, chief technology officer for McAfee cloud security, said Tuesday during a talk at the Cloud Expo conference in Santa Clara, Calif. By leveraging trusted networks, Web security can move from a reactive model that blocks the bad guys from one based on identifying the good guys.
"Using techniques like social network analysis, the enterprise will be able to map its business interests," Chasin says. "The enterprise will be able to define who they communicate with, who's in the supply chain, which ultimately is going to define a trust signaling layer in the cloud."
Identity and authentication, which is key to this vision of cloud security, would encompass everything, people, services and computers. System identity would be hardware based, Chasin said, in a nod to McAfee's parent Intel. The chipmaker has been a longtime developer of security in microprocessors.
Chasin argued that the technological groundwork exists today. Products that deliver single sign on for multiple applications, directories for identity management and SAML, or security assertion markup language, are among the existing, foundation-setting technologies. (SAML is an XML-based standard for exchanging authentication and authorization data among Web services.)
Lou Rubbo, a principal at Broomfield, Colo.-based security systems integrator DirSec, agreed that cloud security could evolve around the concept of sharing identities on the individual, machine and application level. However, he cautioned that security would remain a concern. "There will always be issues, security concerns or holes," he said.
Chasin presented McAfee, and Intel's cloud security vision a day after McAfee released an upgrade of its Cloud Security Platform, which includes new Intel-developed identity management and a gateway for securing and applying corporate policies to application-to-application data flows between the corporate network and the cloud.
Chasin believes that in the next seven years, vendors will be offering trust as a cloud service, where contacts, communications and relationships will be mapped into walled gardens, much like in the early days of the Internet when companies like AOL gave members a safe Web community. "It's going to be brokered by a trust service provider," he said of future cloud networks. "And it's going to be embedded in the hardware."