Security is often touted as a barrier to cloud adoption, but the Cloud Security Alliance (CSA) has a very different viewpoint.
The CSA sees the cloud as being the technology platform that could extend and improve security across the IT landscape.
Junaid Islam, founder and CTO of Vidder and a member of the CSA, told eWEEK that the new Software Defined Perimeter (SDP) initiative is all about using the cloud as a way to protect application infrastructure. Islam explained that the CSA is working as an “honest broker” to put together the best practices and guidance that will constitute the SDP as a new framework for IT security. The result, he added, is expected to be a standard that can be implemented by any cloud service provider without any license fees.
“The hope is that, from a security perspective, once companies get used to using a standard security framework in one cloud, when they move to another cloud the same kind of security services will be available,” Flores said.
The type of services that the SDP will aim to provide includes cloud-based authentication and security configuration capabilities. Multiple vendors today, including Cloudflare, Incapsula and Akamai, already offer cloud-based security services to customers. What the CSA is aiming to do with the SDP is expand the scope of the security controls that are available in the cloud, Islam said.
“Today the cloud security solutions are mostly point solutions, things that do DDoS [distributed denial of service] protection,” he said. “We’re not in competition with those vendors; we’re trying to build a framework that helps people to understand what’s required to build a complete security perimeter in the cloud.”
Instead of having enterprises buying a set of security boxes and services and then putting it all together on their own, the SDP aims to have all necessary security components available as a standardised service in a cloud, Islam explained.
In his experience, Flores said he has seen a lot of implementation headaches for organisations trying to build out their own sets of security controls.
“One of our goals is to take these security activities that people have been doing, codify them and then make it all available for the cloud providers to take advantage of,” he said.
In terms of specific cloud providers or cloud technologies, Flores said the CSA isn’t focused on any one group or cloud vendor.
“What we’re talking about doing is creating new standards for cloud security that anyone can take advantage of,” Flores said.
Are you a cloud pro? Try our quiz!
Originally published on eWeek.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…