Guest post by Ben Goodman, security specialist, Novell
If you didn’t attend Monday’s Enterprise Cloud Summit here at Interop, you missed an outstanding event. In the audience were around 250 enterprise IT professionals addressing a wide range of questions to the experts on stage. A common subtext to many of those questions (the elephant in the room, if you will) seemed to be: How do I get the levels of security, identity management and compliance in the cloud that my enterprise demands? I don’t believe the panelists on stage were avoiding answering the questions. They just seemed more focused on peddling their wares instead of listening to the needs of the marketplace.
Much like the baby that tries to run before it can crawl, or the army that gets ahead of its supply lines, the experts answering questions didn’t fully appreciate the foundations of network security: the building blocks that will enable SaaS or PaaS and IaaS to deserve the same level of confidence and respect as on-premises services, platforms and infrastructure.
It’s surprising to me that IT experts aren’t more concerned about helping enterprises get their Identity and Security houses in order before extolling the virtues of cloud adoption. Just as you have to crawl before you can walk, you need to secure your on-premises assets before you graduate to securing cloud-based applications and data. In other words, you need to optimize your enterprise Identity and Access Management program, then extend it into the cloud.
So, what are the primary building blocks? STANDARDS. Without standards, customization becomes prohibitively expensive. Integration becomes a problem too. And you lose whatever economies of scale you gained by going to the cloud in the first place.
There aren’t any widely recognized cloud standards yet, but fear not. Cloud service providers are looking to leverage standards that may already exist where possible. As a result, the Service Provisioning Markup Language (SPML) and Security Assertion Markup Language (SAML) XML-based frameworks are well on their way to becoming de facto standards. In order for us to achieve the economic promise of cloud computing, these standards need to evolve to become lighter-weight and more tuned to the needs of cloud computing. The only way this will happen is for customers, product vendors and cloud service providers to work together to improve these standards.
Novell supports OASIS, the creators of SPML and SAML. We’re also working closely with the Cloud Security Alliance (CSA) on a vendor-neutral initiative to deliver the industry’s first cloud security certification, education and outreach program for cloud providers. With its “Trusted Cloud Initiative,” CSA will help cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations and practices. The goal is to put trusted standards in place to alleviate concerns about security, governance and control of enterprise data and IT assets. In other words, standards that push the elephant right out of the room.