RSA Conference is the event for news to spill over with talk about cloud computing security.The
Let's take a look at some of the announcements from the major players in the market, including Intel, Novell and Cisco.
Intel, RSA, VMware and the Trusted Server
According to Dark Reading, the companies demonstrated a proof-of-concept for "building security into the cloud computing infrastructure."
The companies are playing on the white listing concept, which has gained wider acceptance in the security world. The idea being that if a server is trusted or white listed then it will be far less vulnerable to malware attacks:
"At the heart of the PoC is a hardware "root of trust," which uses Intel's Trusted Execution Technology (TXT), which authenticates each step in the boot process of a system, verifying the hardware configuration, initializing the BIOS, and launching the hypervisor. It basically ensures physical and virtual environments aren't tampered via malware or other malicious activity. Intel's upcoming "Westmere" processor, which will be announced in two weeks, will support this capability, says Kirk Skaugen, vice president of the architecture group and general manager of the data center group at Intel."
Novell and the Cloud Security Alliance
Novell is teaming up with the Cloud Security Alliance to push standards for cloud computing. The effort is called the "Trusted Cloud Intiiative." According to Information Week, Novel will develop standards for cloud security, compliance, identity management and other related issues.
Cloud computing is essentially a world with no standards whatsoever. Everyone has different meanings for the fundamental aspects that are a part of cloud computing. That leaves the customer with little way to fully understand what they are committing to with a cloud vendor.
In its second year, The Cloud Security Alliance consists of technology companies seeking to develop use cases about the processes and practices around cloud computing security.
Cisco: Developing Mobile Phone Security
Cisco is developing an "always on" security system for mobile devices. According to Computerworld, the service would give enterprise managers the ability to control cloud-based applications on an employee's mobile device.
The service..."would allow a business to establish an always-on VPN connection that would "automatically log you in" and "maintain session state."This new VPN client on the mobile smartphone and other types of computers would be the means to also establish policy controls to set restrictions on Web browsing, prevent unauthorized transmissions of sensitive data through data-loss prevention filtering, and provide automated access to cloud-based applications, as well as a way to de-provision use of applications, if needed."