Addressing Cost-Effective Security in Cloud Computing Environments

Recently, I presented at a few conferences in Malaysia and Singapore on securing data center and cloud computing environments. Although cloud computing has been a very popular topic recently, TippingPoint has been securing cloud deployments for a number of years. Specifically, we have a number of customers worldwide that leverage our solutions to protect enterprise and Web applications (off the shelf and custom) from emerging threats.
There are a number of issues related to securing public/private cloud deployments. Some are obvious and some are not so obvious. The common perception is that the biggest security issue is inter-virtual machine (VM) communications. But when I talk to customers and partners, this is much lower priority because their environments (OS’s and applications) are for the most part trusted and partitioned. Recently a bigger issue has emerged in securing the cloud around implementing a cost-effective disaster recovery architecture. The challenge is replicating a large physical infrastructure in multiple locations in a cost-effective manner. To do so requires a higher capital investment up front for resources that may or may not be leveraged or used on a regular basis.
In order to address this challenge, I believe a new approach will emerge over the next couple of years to secure both public and private clouds. The solution will be a hybrid approach to security in the data center where security policy is applied to both physical and (continue reading...)