Don't approach cloud security the traditional way: McAfee

Summary: Cloud is a new field with new challenges, so McAfee's Asia-Pacific VP and CTO Michael Sentonas asks why we still take traditional approaches to security.


Security measures in the cloud are simply incremental changes that are not addressing what is one of the top barriers to cloud entry, and according to McAfee Asia-Pacific Vice President and CTO Michael Sentonas, we need to change our approach.

Speaking at VMware's vForum 2012 event in Sydney today, Sentonas said that what's readily available on the market today to address security concerns is little more than measures taken from a non-cloud world that have simply been updated or upgraded to fit into the cloud-based or virtualised systems of today.

"When you look at a lot of the technologies that are available today [...] a lot of them are kind of just incremental feature upgrades to existing products, and what I mean by that is smarter antivirus running in the datacentre. As an example, agent-less antivirus. We've all done that in the industry. Move on. We need to start thinking about different technologies."

Sentonas said that the same applied to firewall technology, which has merely been upgraded to provide intra-VM control and inspection.

"Has it increased confidence in the cloud? Probably a little. Has it exponentially increased confidence? No, not really," he said.

"We need to think about things in the industry somewhat different, and we need to do a lot of innovation in this space to facilitate a lot of the technologies that are available today."

Sentonas questioned why businesses were still so focused on placing traditional antivirus products in their high-performance datacentres, which don't necessarily operate like a typical desktop environment where such a strategy might be valid.

"Why are we worrying about antivirus in a high performance datacentre — whether it's agent-less or agent-based — [...] when, very easily, we can keep a list of the hashes of every application or every file, and only scan it if that hash changes? Performance through the roof. That's obviously what we want inside the datacentre."

Sentonas also said that this ties in with a focus on change control rather than wastefully scanning everything on the server, adding that a side effect of shifting away from what he called traditional security models is that virtual machine density increases exponentially.

"Your servers should not be changing. Your primary domain controller should not be going through massive revisions very often; your email servers; your webservers. Some of the content will obviously change, but the fundamentals on that device do not change. Simply lock it down, and it's going to be a hell of a lot more efficient using a model like that inside your datacentre."

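The hash-list and change-control model Sentonas describes, sketched as an added example (not McAfee's code and not from the talk): files whose SHA-256 matches the baseline are skipped, changed files are queued for scanning, and changes outside the paths expected to change are flagged. The `content_prefixes` policy and the sample file tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return manifest

def triage(baseline, current, content_prefixes=()):
    """Return files needing a scan and change-control violations."""
    prefixes = tuple(content_prefixes)  # hypothetical policy: paths allowed to change
    to_scan, violations = [], []
    for path, digest in sorted(current.items()):
        if baseline.get(path) == digest:
            continue  # hash unchanged: no scan needed
        to_scan.append(path)
        if not path.startswith(prefixes):
            violations.append(path)  # a "fundamental" file is new or modified
    removed = sorted(set(baseline) - set(current))
    violations.extend(p for p in removed if not p.startswith(prefixes))
    return {"scan": to_scan, "violations": sorted(violations), "removed": removed}

def demo():
    # Constructed sample tree standing in for a web server (not real data).
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        put("bin/httpd", b"server-binary-v1")
        put("conf/httpd.conf", b"Listen 80\n")
        put("htdocs/index.html", b"<h1>hello</h1>")
        baseline = snapshot(root)
        put("htdocs/index.html", b"<h1>updated</h1>")  # expected content change
        put("bin/httpd", b"server-binary-modified")    # locked-down file changed
        return triage(baseline, snapshot(root), content_prefixes=("htdocs/",))
```
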
At the same time, Sentonas said that while some businesses' security concerns are legitimate, there are plenty of providers who are doing things right and have already dealt with the majority of the issues.

"There's a perception that it is unsafe and unsecure — there's no way of controlling your data — and that is fundamentally wrong. There are many ways of brokering service level agreements that are probably more stringent than what a lot of organisations themselves can create. There's high performance, high availability infrastructures that can be built [...] that could be, [if] implemented correctly, better than what most organisations could install themselves."

Topics: Security, Cloud, Virtualization, VMware, Australia

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

  • Cloud (In)Security

    Hold on! "Cloud" is VERY OLD. Remember the IBM 360/67 and IBM System/370, and others. What about VM/360, MVS, etc.?

    Nothing technologically new in "cloud" - just virtual machines coupled via Internet (TCP/IP) comms BUT what makes it NOT NEW is the fact that such processors as Intel x86 are used with fixes to allow hardware based virtualisation (Yes - even Intel tells us that!)

    (Remember that VMware - ex UC Berkeley - was based on a technology that got virtual machines up on x86 architecture that did NOT have virtualisation hardware support at the time! To quote Wikipedia:
    "VMware's products predate the virtualization extensions to the x86 instruction set, and do not require virtualization-enabled processors. On newer processors, the hypervisor is now designed to take advantage of the extensions. However, unlike many other hypervisors, VMware still supports older processors." )

    So - compromise the hypervisor and it's all over!!! That is NOT NEW!
    For example, side channel analysis from one virtual machine to another to compromise any encryption used to protect your data files!!

    NO - "cloud" is NOT YET that safe and secure environment we need right now - unless of course we are talking about "private clouds" - ones you operate yourself on your systems and NOT via some commercial "public cloud" service with totally shared infrastructure. Remember - cybersecurity is all about confidentiality, integrity and availability - not just that last one!
    • Cloud (In)Security

      Totally agree with you and included some of your points in the presentation, especially your last para. Mike