LAS VEGAS – As virtualization vendor VMware Inc. (NYSE: VMW) works with the channel partners at VMworld 2011 to help them become trusted advisors to their clients, one of the areas organizations will be seeking advice and support is around cloud computing security, which remains a top of mind concern for many enterprises considering embracing cloud computing.
In its 2011 State of Security survey released this week,security vendor Symantec Corp. (NASDAQ: SYMC) reported that virtualization has joined mobile computing and social media as the top three trends driving security challenges in Canada, according to respondent organizations. And the budget is following. The highest growth area in Canadian IT security budgets is security for private cloud initiatives with 38 per cent increasing their spend, and public cloud not far behind at 34 per cent. On the staffing side, 42 per cent of organizations were adding staff to handle cloud security concerns.
Sean Doherty, vice-president and security group CTO with Symantec, said the most common security concern customers have around cloud computing is that, by giving data to a third party, the data is out of sight. They fear loss of control.
“We have requests for support around encryption and key management, and we also see requests to be able to provide visibility into the compliance of the cloud service provider to certain standards,” said Doherty.
While computing models have shifted over the years, virtualization isn’t a new phenomenon, said Doherty, and the responsibility for security hasn’t shifted. It still lays with the IT organization and their trusted solution providers, and Symantec’s role is to make sure they have the tools they need to manage virtual, cloud and physical environments.
Tom Moss, director of products and services at Trend Micro Inc., said their focus is around host-level encapsulation, so that applications and data hosted in the cloud have all the necessary security controls built-in before they’re deployed into the hosted environment. The Deep Security offerings encrypt data before it goes to the cloud, and include monitoring and audit tools to detect and prevent unauthorized access. Secure Cloud allows customers to keep their same policy-based encryption as if the data was in their data centre.
“Organizations can continue to enforce policy if the machine is physical, virtual or in the cloud,” said Moss. “We’re trying to educate people about the limits of what cloud providers can offer and where they need to augment workloads pushed to the cloud with their own security controls.” The channel’s role will be to ensure clients understand the security risks of different computing environments, make smart decisions about what data goes where, and have the right management and risk mitigation measures in place.
Carolyn Cox, senior director of global channel marketing with VMware, said VMware advises its partners to talk about security with their clients within the larger context of business transformation and how the cloud can drive value for their clients.
“What customers want right now is clarity in these uncertain times. Partners have the opportunity to lead customers own the path where it makes sense to go to the public or hybrid cloud, and with strong guidance they’ll go willingly and partners will make money,” said Cox. “For every dollar of VMware technology partners sell it drags along 15x in storage, security, networking and management needed to satisfy overall customer requirements. There’s money for partners to be made in this transition.” Cox said she also advises partners to go beyond VMware’s core vSphere offering and explore complementary adjacent offerings that can deliver additional value to customers and drive incremental revenue.
“Partners have an obligation to customers, and they’re really stepping up,” said Cox. “They’e looking to get out of the data centre and bring their value up the stack.” Security is a big topic and it’s become clear it will take multiple approaches to get it right, said VMware president Paul Maritz. The vendor is working closely with its partners to do that, but Maritz said the other key to the security puzzle will be building a track-record of performance over time.
“I believe (security concerns) will be less of an issue gong forward,” said Maritz. “We can only address it with a history of doing it.”
Follow Jeff Jedras on Twitter: @JeffJedrasCDN