An interesting thing I saw at RSA this year was at the Alert Logic partner pavilion on the show floor. Alert Logic had five of their leading cloud/hosting provider partners exhibiting with them. The five were: Rackspace, SunGard Availability Services, Navisite, Hosting (formerly Hosting.com) and Datapipe. If I told you the five of these companies were at RSA, you would have probably assumed that they were in attendance seeking to learn more about security and new trends in security. You probably would not have thought that they were there as security providers themselves. However, that is exactly what they are and what they were there doing.
Some of the security services they offer are through third-party providers such as Alert Logic. Alert Logic offers threat management, log management and web application firewall services primarily through cloud and hosting providers. But all five of these providers also offer home-grown organic security services. In fact, security is built into the very fabric of their offerings.
This manifests itself when they speak to you about how they secure their infrastructure. Security measures are built into every layer. Some in the way of technologies, some in the way of process and policy. Many of these built-in security measures are not priced separately. They then offer a suite of optional security services to their customers such as the Alert Logic offerings.
When you think about it, this is really pretty amazing. We have gone from cloud being insecure and cloud providers being perceived as not having security to cloud providers acting as cloud security providers. I don't think it is a coincidence that at the same time we see this transformation we also see cloud security diminishing as an inhibitor to cloud adoption. It is a testament to the hard work and quality of security that these providers have built up over the last few years.
I had a chance to catch up with several of these cloud providers and with VP of marketing for Alert Logic, Urvish Vashi. You can listen to the conversations below. I think you will find them interesting. Each conversation is only about 10 to 12 minutes.
This year marked a new era of the cloud at the RSA conference. What was a weakness is now a strength. Cloud providers are now out hawking their wares as cloud security providers, and that is a good thing.
(If you don't see the audio players below you may have to reload the page)
My first conversation is with Cara Camping, Product Manager, Managed Security Services for Sunguard AS
My next conversation is with Chris Patterson,VP of Product Management at Navisite
Finally my last conversation is with Alert Logic VP of marketing, Urvish Vashi an old friend of mine.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.