Post to Twitter |
Comments (2) |
Views (11455) |
I interviewed Kurt Roemer for this topic. Kurt is Chief Security Strategist for Citrix Systems and a member of the CTO Office. He's a seasoned information security veteran with more than 20 years experience in networking, applications, and the evolving Web services infrastructure markets. He has designed, implemented, and assessed solutions and policies for Fortune 1000, mid-size, and government organizations worldwide. Roemer is a CISSP and has spoken at a wide variety of leading industry shows and conferences across the globe including BITS, CSI, RSA, Networld+Interop, Japan's inaugural Web Application Security Forum, Society for Information Management, ITEC, SecureAsia and numerous regional ISSA and InfraGard conferences. He has also appeared as a security expert on CNN, Fox Business News, and the Fox News Channel and is well known for his popular "Web Hacking Live" sessions. Prior to joining Citrix, Kurt held roles as CTO/CSO at NetContinuum and headed up information technology practices at Micron Electronics, NetFRAME and Hewitt.
Q: Kurt, isn't Cloud Computing competitive with Citrix?
A: In some ways, yes, but in many ways interest in Cloud Computing actually creates opportunities for Citrix. Our NetScaler and XenServer products are good examples of this. Both NetScaler and XenServer are powering major cloud providers today. We also have partners, such as 3Tera, who are hosting applications, using XenApp and XenDesktop, on the Cloud.
Q: It seems to me that Cloud Computing requires that you really trust the provider - after all you are turning over your valuable data to them - is this a consideration?
A: Yes. The old security mantra was that physical security trumps all. With the Cloud you lose control over physical security. The actual servers could be anywhere the provider decides to put them, factoring in availability and least cost. This is significantly different than a SaaS model, especially as you factor in access to data, backups, encryption keys and other security concerns.
When you sign an agreement with a provider you agree to pay for a certain amount of storage and resources like applications and are committed service levels. You lose control over the assets in some respects and therefore the security model must be refactored.
Q: The security concerns with this must make security professionals uncomfortable. Tell me more about what Citrix has to offer to improve this situation.
A: The fundamentals are encryption of data and access control to data. Citrix has recently introduced the Citrix Cloud Center, which is composed of several Citrix offerings. Access Gateway and NetScaler address encryption, and Access Gateway provides authentication services. In addition to the security features, the Citrix Cloud Center provides geo-location with NetScaler (where the user can be connected to different hardware in different regions in the world, but yet have all the same applications and capabilities), local data caching with WANScaler and orchestration with Workflow Studio. Citrix is also working with key ecosystem partners to enable end-to-end security in the cloud model.
Q: What is the future of security in Cloud Computing?
A: The ultimate solution is data level security. After all, sensitive data is the domain of the enterprise, not the Cloud Computing provider. Security will need to move to the data level so that enterprises can be sure their data is protected, wherever it goes. For example, with data level security, the enterprise can specify that this data is not allowed to go outside of the US. It can also force encryption of certain types of data, and permit only specified users to access the data. It can provide compliance with PCI. We are working with several partners in the data security area.
Comments (2)
Dec 26, 2008
Maxi Oong says:
Mr. kate Brew thanks reporting of clound computing. I tries with web 2.0 with bl...Mr. kate Brew thanks reporting of clound computing. I tries with web 2.0 with blog, and processes with cloud computing. I connects ihubmedian.comThe cloud computing is apply into blog or graphic of global at ASIA. I with visual studio in dilog box and a sharepoint alike server . This is a somewhat blog in stepping growth . There is google search to blog announceing baby-touching in silverlight . To report iReport of CNN in blog. the blog of MS server of IIS6.0 which contains FTP server and frontpage server . This security of file principle setup with no enrollment. And with Windows Server 2008 tools to protected files . it is virtual block diskes transits internet. What's the ownership relation in google and Windows . the blog with graphics and articals can be protect by cloud computing. The virtual diskes block consists in cloud by citrix.com of comment. how do it blog to citrix.com personal . The small database with blog2.0 of citrix.com by threat of internet. it's renew every weeks do affort in adding tools of web 2.0 . Adding linkage of files live transits. searching web side to login.
Jun 14
Anonymous says:
<!-- /* Font Definitions */ @font-face Unknown macro: {font-family} @font...<!-- /* Font Definitions */ @font-face
If you are like me then you have probably tired many different types of scans to try and protect your computer. There are many different options available but I have found that most of them pick up the same bugs whether you pay for the scan or download a free version. Orbasoft Antispyware (http://www.orbasoft.com) is one of the best that I have found so far and it cost less than many of the other well-known scans on the market today. If you are searching for a good scan I suggest that you check out the antispyware solution from Orbasoft.
Add Comment