The adoption of cloud in the consumer market and especially the high-profile enterprise market has seen some inhibition, especially surrounding security.
John Furrier brought Curt Aubley, Lockheed Martin VP & CTO Cyber Security & NexGen Innovation, into TheCube at Intel Forecast 2012 to speaks about cloud and its intersection with security. They interview was amazing and elucidating and cloud has a lot of places where security is a definite function of its model—beyond reliability, security is needed to bring in more business and allow people to accept and form trust and responsibility. You can watch this interview, and more, over at Wikibon.org–full video embedded below.
Aubley speaks about how cloud has been a massive marketing influence; but that the market itself is still highly conservative when it comes to technology and that people aren’t going to fix things that aren’t broken. Cloud is being first adopted by new technological niches; but they’re not being picked up as quickly by already entrenched enterprise efforts that have a well founded set of responsibilities that they’ve gotten fixed to the legacy technology they already have.
“Everyone has different security goals, and different security threats they might be managing,” says Aubley. “So when we look at the security landscape, we see compliance—which doesn’t really provide security but makes sure you do everything the government asks you to do—there’s the eighty-percent threat that allows you to manage and defend against the known threats that are out there; and then there’s what we refer to as the twenty-percent advanced threat. That’s groups that are very well funded they’re creating new pieces of malware every day. That is something you can’t just buy out of the box, it’s much trickier to look at.”
If a person can work with a cloud-provider that delivers enough transparency and trust level to use applications and assets in that environment will pull in new businesses and products. Lockheed Martin, of course, being big in the security market is happy to provide this sort of trust factor and allow people to leverage it.
Aubley says that use cases are really all about the use cases. Lockheed Martin has fourteen usage models published so far, most of them are around security—such as it is a huge concern—thus we see: provider assurance, security monitoring, identity management, cloud-based identity, governance and audit, privileges, and single-sign on. After all of these use cases were examined, then they started to look at automation.
Problematically, regulations around the world are changing faster than the cloud technology. For example, many countries are calling that contractors can use a cloud but the data must be stored in-country. This can work to limit the amount of cloud that can be used to provide customers usefulness. We’ve actually been seeing many reasons why cloud-infrastructure cannot readily leave a country (especially for sensitive information) because other countries want to know what’s in it even if it’s heavily encrypted.