The primary limitations or dependencies of this approach, however, are that the enterprise must use the specific vendor’s security products, and those products must be sufficiently comprehensive and scalable to address the security risks and compliance requirements posed by the public cloud. Without a sufficient range of capabilities, security solutions from multiple providers will be required, and with them come multiple administrative and reporting interfaces.
· Cloud-embedded security services. In this solution, rather than securing the enterprise’s public cloud instances by extending on-premises product capabilities, security is designed into the provider’s cloud offerings. An example of this approach is the Savvis Symphony Virtual Private Data Center (VPDC). With Symphony VPDC, Savvis subscribers can choose from three service tiers -- Essential, Balanced and Enterprise -- each pre-defined with service capabilities in compute, bandwidth, storage and security optimized for the subscriber’s intended use.
For Web hosting applications, Savvis recommends the Balanced service tier. If the client's use is for mission-critical/enterprise applications, the Enterprise service tier is the optimal choice. For enterprises that have a clear understanding of how they intend to use the cloud and that trust Savvis’ assembly of services, this approach has intrinsic appeal.
The drawback is that this approach is poorly suited to enterprises that subscribe to cloud services from multiple providers.
· Cloud security bridge. In this approach, security capabilities are delivered as cloud services that cross over into the enterprise’s public cloud instances. Assuming broad interoperability between the cloud security bridge and public cloud providers, enterprise subscribers can centrally define security policies and have their policies adaptively applied to each of their public cloud instances. RSA, the Security Division of EMC, is pursuing this approach with the RSA Cloud Trust Authority.
Three security modules will be available, though they are not yet commercially available: identity security, infrastructure security and information security. Among the favorable attributes of this approach are provider independence, breadth of security capabilities, and centralized administration and reporting.
Several aspects of this approach are unknown, however, including the credibility of each security module relative to comparable solutions and the breadth of cloud provider interoperability. Weakness in either lessens the overall value of this approach.