Skip Links

Cloud computing security challenges unite hosting providers, security specialists

Cloud computing providers are teaming with security vendors to shore up hosted environments

By , Network World
February 26, 2010 09:50 AM ET

Network World - As cloud computing adoption climbs, hosting providers are inking deals with security vendors to provide security-as-a-service options to customers. But will enterprise IT managers buy into these often novel forms of security woven into a cloud computing environment?

Are security issues delaying adoption of cloud computing?

There's definitely some resistance as IT and security managers struggle to sort out risk factors and compliance issues.

"A good number of organizations are now using what they consider to be cloud services," says Bill Trussell, managing director of security research at TheInfoPro, which just published its semi-annual survey of information security professionals at large and midsize firms in North America. But when TheInfoPro asked respondents about whether they'd use cloud-based security services in cloud computing environments, less than 15% cited that as being very likely.

"When asked whether organizations would extend functions such as user access and provisioning, or two-factor authentication, to cloud providers, it wasn't too popular," Trussell says. Enterprise security professionals are still nervous about something largely unfamiliar that doesn't sit on their premises and isn't under their direct control — or even under the direct control of the cloud-computing provider they use, since the security service is controlled by a third-party vendor with security expertise.

Still, these new security-as-a-service arrangements are coming to cloud computing, and fast.

PivotLink, for instance, which offers cloud-based pay-as-you-go business-intelligence services, including an analysis service for data related to, is in partnership with Novell to beta-test Novell's cloud security service, which includes various identity-management capabilities based on software hosted at GoGrid.

"We get our authentication from the Novell service, which plugs into the customer's service," says Bob Kemper, senior vice president of development at PivotLink. "Today we use the identity management and their authorization to manage the security level. Novell integrates with the required enterprise systems for access to information."

PivotLink's customers, many of whom are retail sales managers at companies that include REI, don't have to be using Novell software on their premises to make use of the Novell cloud security service.

"If they're using any LDAP or Active Directory infrastructure, it will work," Kemper says. The cloud-based service makes use of SAML-based authorization. The arrangement in the beta test with Novell allows a customer to automatically de-provision a store manager who is leaving and add a new manager automatically authorized in the same role to use the PivotLink service.

"Our customers say we need this level of control and management and audit in some fashion," Kemper says, adding that customers say they will feel more comfortable uploading sensitive data into the cloud.

PivotLink hopes to be able to announce general availability of the Novell-based cloud security services as part of its portfolio offering by the summer. And Kemper feels the best approach to introduce these kinds of security controls is through a service model with a partner such as Novell, which maintains its own cloud.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News