I was really pleased to be among the best 4 European start-ups that were in Tel-Aviv last week to participate at the Global Security Challenge. Unfortunately we did not get to the finals but still a very good experience. This competition has a broad security scope, for example there were companies focusing on water security and physical security. IT security is as well very important and even touches critical industrial systems as shown by the stuxnet incident.
On the other hand, I was impressed by the Israeli ecosystem on security technologies and I expect that some of the global security players continue to start from here.
Nevertheless, I found puzzling that the 2 most frequent questions everyone asked me about cloud security, were somewhat contradictory:
- Is it possible to secure the cloud?
- What’s new about the cloud that needs new security measures?
So, it seems to suggest that on one hand it is a too big problem to solve and on the other hand that the cloud is more hype than something really new that brings new security requirements.
The easy answer for both questions is to refer to the Cloud Security Alliance, where we did a comprehensive work about these issues, specially on problem statement. Moreover, I try always to enumerate what I believe are the root causes of the cloud security problems and the main differences between public and private clouds. Then I really believe that we need to focus on specific problems and then trying to find solutions. For instance, concerning the problem of lack of visibility on the cloud (API logs on Amazon Web services to give a concrete example), we might think of a gateway (working as a proxy) that logs (and optionally controls) the API usage.
After the long and interesting discussions at Tel-Aviv, I’ll over simplify and draw one hypothesis.
The 2 questions come from the people perception on the “cloud” and it may boil down to the following rephrased questions:
- Is it possible to secure the PUBLIC cloud?
- What’s new about the PRIVATE cloud that needs new security measures?
Before trying to answer these questions, I would love to hear what you think about the hypothesis.
PS> good luck for the Global Security Challenge finalists