Cloud computing is all the rage. “It’s become the phrase du jour,” says Gartner senior analyst Ben Pring, echoing many of his peers. The problem is that (as with Web 2.0) everyone seems to have a different definition.
As a metaphor for the Internet, “the cloud” is a familiar cliché, but when combined with “computing,” the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers available over the Internet. Others go very broad, arguing anything you consume outside the firewall is “in the cloud,” including conventional outsourcing.
Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT’s existing capabilities.
Cloud computing is at an early stage, with a motley crew of providers large and small delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Yes, utility-style infrastructure providers are part of the mix, but so are SaaS (software as a service) providers such as Salesforce.com. Today, for the most part, IT must plug into cloud-based services individually, but cloud computing aggregators and integrators are already emerging.
However, the cloud has some obstacles to overcome before it’s anywhere close to being considered mature. According to Gartner’s 2010 CIO Survey, security technology was the number-one priority of respondents. In the context of the cloud, security is an even bigger concern
Of course, where there is pain in the market there is opportunity. Here are few Cloud Security emerging vendors attempting to make the cloud every bit as secure – or more so – than on-premise computing
What problem do they solve? Encryption is one of the first security steps experts recommend to mitigate the risks associated with cloud computing. With businesses being asked to trust the cloud provider to manage encryption keys, though, there are inherent vulnerabilities-especially when the keys are kept in the same cloud environment.
The fear of a breach – either through an attack on the cloud provider, or through a malicious insider – is one of the top barriers to full-scale cloud adoption. Having keys stored in the environment under attack isn’t wise.
What problem do they solve? Trust is a huge issue in the cloud. Most trust discussions today focus on the end user, but data integrity is equally important. Just as organizations worry now over how they’re going to trust that insiders are actually who they say they are, they should also be worrying about how reliable and trustworthy their data is.
IP theft, data loss and non-compliance can all result from mishandled data. One method that has been proposed but never caught on was data signatures. Unfortunately, signing through PKI or similar technologies is out of reach for most organizations because of the expense and complexity of key management.
What they do: What VeriSign has done for website trust; GuardTime seeks to do for cloud-based trust.. GuardTime has created a keyless signature technology that secures critical data in the cloud and maintains extensive mathematical proof that data integrity is intact. GuardTime’s Keyless Signature is a system of software-generated, automated verification based on mathematics, which frees IT from the burdens of key management.
Why they’re an up-and-comer? Regulatory requirements centered on privacy and data integrity are issues for nearly every industry now, and verifiably clean data goes a long way towards ensuring compliance. This is a big horizontal market, and GuardTime is already cashing in with such customers as Brother Industries, which manufactures multi-function printers using GuardTime integration. GuardTime has partnered with Joyent to deliver the first cloud stack with keyless signature integration.
GuardTime also earned some cyber-security street cred through adventures in Estonia. CEO Mike Gault gained in-the-trenches, cutting-edge cyber-security knowledge while living in Estonia when Russia launched one of the first “cyber-warfare attacks.” Calling it that is probably a bit sensationalist; nonetheless, in a country where 97% of banking transactions are done online, there’s plenty to learn about next-generation security.