McAfee Looks To Lock Down Cloud Computing Environments

The Santa Clara, Calif.-based security giant said the McAfee Cloud Secure program combines cloud security certification services from certification and attestation providers, and automated auditing, remediation and reporting from McAfee.

The new program comes as security represents the most commonly cited concern among potential cloud computing users. According to a recent IDC survey, 87.5 percent of respondents said security was their biggest concern or challenge when considering cloud adoption.

"SaaS vendors have a difficult time convincing prospects that their services are secure and safe," Christian Christiansen, vice president of security products and services for IDC, said in a statement.

McAfee isn't the only company looking to secure the cloud.

Novell and the Cloud Security Alliance (CSA) earlier this month launched a joint venture the Trusted Security Certification program, a vendor-neutral program that gives cloud providers security-specific cloud certifications and arms them with the information necessary to deliver cloud solutions that are proven to be secure, interoperable and in compliance. The program, dubbed the "Trusted Cloud Initiative" essentially provides a standard for companies considering cloud computing and can remove concerns around cloud security, governance and control of data and IT assets.

Similarly, CompTIA also offers a its CompTIA Security Trustmark, a vendor-neutral accreditation program built around security best practices that can also be applied in cloud computing environments and help companies find and fix problems related to security policy.

McAfee wants to provide SaaS users confidence in the security of cloud deployments. McAfee will count cloud platform provider Amazon Web Services (AWS) and SaaS provider SuccessFactors as its first Cloud Security partners.

McAfee's Cloud Secure program includes three services to enable cloud and SaaS vendors to tighten up security in their cloud offerings. First, the program offers cloud security certification services through which McAfee will partner with certification vendors to deliver services tailored specifically for SaaS and cloud vendors. The annual certification services will include existing security controls, processes and certifications and future cloud security standards.

Second, McAfee will offer automated auditing, remediation and reporting. McAfee will perform automatic and daily security audits, remediation of vulnerabilities and reporting of the security status of the services and network suing the McAfee Cloud Secure service. Vendors who pass the scans and other checks receive a McAfee SECURE Trustmark that can be used on customer-facing materials to illustrate third-party cloud security validation.

Lastly, the program will leverage the McAfee SECURE technology and Trustmark to show that cloud providers and vendors have undergone rigorous security testing, business practice review, compliance certification and additional vulnerability evaluation.

"McAfee Cloud Secure is our first step toward proactive and comprehensive security certifications and tools for the cloud," Marc Olesen, McAfee SaaS senior vice president and general manager, said in a statement.

McAfee will build on the program using its SaaS portfolio of cloud-based security services and its Global Threat Intelligence network in a bid to make cloud computing safer.

"With the McAfee Cloud Secure program, we are adding peace of mind for those with cloud deployments, helping end users more easily evaluate and select a safe and secure vendor," Olesen added.