Cloud Computing Journal

RSA, The Security Division of EMC, released a new RSA Security Brief entitled, "Identity and Data Protection in the Cloud: Best Practices for Establishing Environments of Trust." This Brief offers guidance and actionable best practices for organizations faced with the challenges of securing identities and data in the cloud. The new RSA Security Brief combines the expertise of top technologists in the field of cloud security to help organizations understand how to build trust relationships to link cloud services, protect against fraud and meet new compliance challenges arising in the cloud.

4th International Cloud Computing Conference Expo floor was visited by large crowd of delegates, November 2-4, 2009 at the Santa Clara Convention Center, CA

Authors of the RSA Security Brief include many of the industry's foremost security and virtualization experts from EMC and VMware, including Bret Hartman, Chief Technology Officer of EMC's RSA security division, Dr. Stephen Herrod, Chief Technology Officer and Senior Vice President of R&D for VMware and other senior EMC technologists. In the new Brief, the authors collectively contend that cloud security has vast potential to surpass the levels of information security that are possible today. In the cloud, security protocols can be built into the virtualization layer, not just imposed at the application level where they are typically enforced. By embedding security policies deeper in the technology stack and diffusing them throughout the virtual infrastructure of the cloud, enterprises can establish stronger, smarter security to protect their users and their data.

Establishing Cloud Relationships: Deciding Who to Trust
The RSA Security Brief asserts that many of the technologies, services, methodologies and much of the know-how needed to secure data and user identities in the cloud already exist in the enterprise and need to be strategically extended into the cloud. The main impediment to the cloud becoming a truly ubiquitous services platform is insufficient trust, particularly between the owner-providers of cloud resources and the companies who lease those resources. The authors provide guidance on how organizations can increase trust in cloud environments by agreeing to enforceable standards on cloud performance and security. Furthermore, the Brief presents emerging best practices for managing trust in private clouds.

Fraud Protection: Keeping the Bad Guys Out
Cloud computing is developing alongside a faster growing, fraud-driven "dark cloud." The potential for fraud is a major inhibitor to enterprises and their users in embracing cloud services. Enterprises need to expand their strong authentication and fraud detection capabilities to protect against unauthorized access, phishing, malware and even intellectual property theft. The RSA Security Brief offers specific advice for how to best implement multi-layered, risk-based authentication services and protect against increasingly sophisticated fraudster attacks.

Managing Data Compliance in the Cloud
One of the significant advantages of cloud computing is that the virtualization layer provides unprecedented visibility into just about every activity involved in providing application services. The virtualization layer's highly granular monitoring capabilities can greatly improve reporting processes for auditing and compliance within clouds. Cloud environments do, however, pose some new challenges to ensuring regulatory compliance. The cloud's lack of physical borders can make it difficult to comply with jurisdiction-specific privacy legislation.

The RSA Security Brief offers specific suggestions to improve regulatory compliance, such as importing cloud vendors' logs into security information and event management systems and deploying "data aware" cloud storage platforms that intelligently allocate data in accordance with policies and regulations.

Practitioner Guidance for Data and Identity Protection in Clouds
The new RSA Security Brief concludes with recommendations for technology solutions and services that can help security practitioners better protect data and user identities in the cloud. Solutions and services center on Data Center Monitoring and Multi-tenancy, Data Encryption and Tokenization, Federated Identity Management, Strong Risk-based Authentication, Fraud Prevention and Malware Detection, Cloud Event Management and Audit, Data Loss Prevention and Regulatory Compliance.

RSA Security Briefs are designed to provide security leaders with essential guidance on today's most pressing information security risks and opportunities. Each Security Brief is created by a select response team of experts who mobilize across organizations to share specialized knowledge on a critical emerging topic. Offering both big-picture insight and practical technology advice, RSA Security Briefs are vital reading for today's forward-thinking security practitioners. Today's announcement marks the release of RSA's second Security Brief, "Identity and Data Protection in the Cloud: Best Practices for Establishing Environments of Trust," which is now available for download on the RSA website at www.rsa.com.