I’m at the RSA Conference this week – my 8th year attending what really is the best security event of the year. It’s especially exciting this year because so much is coming together in our field – in particular, GRC, Cloud Trust and Advanced Security Management. And this week, I’ll have a chance to blog about the first two of these, my favorite topics!
Cloud Trust first. EMC and RSA are announcing very cool elements today on this: the Cloud Trust Authority and the Cloud Advisory Service.
Okay – what’s the Cloud Trust Authority and why do we need it?
What it is – The Cloud Trust Authority is a set of cloud-based services that allow organizations to manage trust relationships with and across cloud service providers (CSPs). Why do organizations need it? Simple – as organizations adopt more cloud computing models across multiple CSPs, the complexity of managing GRC across so many hybrid environments makes the challenges of managing GRC across internal organizational silos look like a piece of cake by comparison. This kind of capability is absolutely fundamental to cloud adoption – we know from multiple surveys that the greatest inhibitor to cloud adoption is the concern CIOs have that visibility, security and control lessen in the public cloud.
Enter Cloud Trust Authority. This platform goes a long way to addressing concerns CIOs have about public cloud computing. Instead of having to establish trust relationships one by one with each cloud service provider, organizations can use the Cloud Trust Authority as a platform to pull all this information into a single console that providers feed.
Centralized access to security profiles of multiple CSPs, all in one place. Elegant and powerful.
Raises the bar (for GRC) and lowers the barriers (to cloud computing).
The Cloud Trust Authority can manage identities across CSPs, and also provides a compliance profiling service using the Cloud Security Alliance Consensus Questionnaire. CSPs like it because it will open up more of the market to them – and customers can now trust more and take the plunge with more critical workloads that house sensitive data.
Perfect convergence of the interests of CSA, CSP and CIOs. Win, win, win.
But what about that CIO? There are still a lot of options out there, and the Cloud Trust Authority is being announced – it’s not ubiquitous. Yet.
Yes, there still is a lot of work to do on strategy and tactics. Happily, at the same time, EMC is announcing consulting services that help organizations make decisions about what workloads and information sets to move to various cloud-computing models (private, public, community, and hybrid) based on the sensitivity of information and security profile of the CSP.
This is called the Cloud Advisory Service with Cloud Optimizer – it’s key to helping organizations define their cloud computing strategy by looking at functionality, economics and trust. I’ve had the pleasure of working with some customers on the Cloud Trust portions of these analyses, and it’s been very cool, to say the least. We look deeply at workload and data set combinations from six aspects of what we call the Trust Wheel – governance, risk, compliance, confidentiality, integrity and availability. We’ve aligned this with the CSA Cloud Controls Matrix so we are evaluating just what we need to in order to make informed recommendations on what environments best suit what workloads. This is all good, and moving the industry along – this is cutting-edge stuff – take the time to learn more about this and get involved! Check out the Cloud Trust Authority and early access program at RSA. Check out the Cloud Advisory Service at EMC Consulting.