Mechanical sounds
>> Mr. Adrian Gepp: The promise is that you can achieve safety in the Cloud. The promise is that we can fundamentally do security differently and better. The proof comes when by leveraging virtualization technology, we demonstrate better control and visibility, the key elements of trust in Cloud environments. At this point, the IT industry believes in the potential of virtualization and Cloud computing. IT organizations are transforming their infrastructures. We're well on our way to an era of applied IT, where investments will focus less on leveraging IT -- less on spending money on infrastructure, and more on leveraging IT to solve business problems. But in any of these transformations, the goal is always the same for security: Getting the right information to the right people over a trusted infrastructure in a system that can be governed and managed. But independent of this transformation to the Cloud, we're seeing an enormous amount of change across the dimensions of information identities and infrastructure, creating a nightmare of control problems and visibility issues -- the antithesis of trust. First, we have a tidal wave of information being created, and more and more sensitive information being shared all the time. This creates significant information governance challenges regarding where sensitive data moves, who gets it, how it's protected at rest and in motion, and how -- in a world of replication -- we delete it. And on and on. Second, identities are proliferating. In addition to our traditional internal users, we have customers, partners, a growing number of mobile workers using consumer devices, and even machines accessing infrastructure and information. Everyone and every thing needs access. Third, the entire IT staff is changing. We have a virtual layer now that abstracts the underlying storage, compute and network infrastructure. Our boundaries become logical, rather than physical. Our workloads now move, so we can no longer depend on the physical infrastructure as a proxy for the information or process we are trying to protect. And as the endpoint splinters into a thousand variations, the IT team is losing control and visibility over that, too. And there are two other dimensions of change. Threats have shifted from viruses and malware to more advanced, persistent threats that make static policies and signatures all but useless. The same is true for insider attacks. There's no antivirus signature for a crooked database administrator. Compliance also continues to evolve, with more regulation, more changes within regulations, and greater and greater reporting requirements. So considering all these changes that have been created, it may at first seem that virtualization and Cloud complicate the problem. It's certainly widely reported that confusion and fear are holding organizations back from adoption. But deliberately or not, organizations are already moving to the Cloud in response to business demands. Fearful or not, these changes are making Cloud adoption inevitable. Pardon another historical reference, but it reminds me of the time before Columbus -- a world brimming with opportunity beyond the horizon, yet unexplored, because of perceived dangers lurking past where the eye could see. And just as reaching the East by sailing west was counterintuitive, it may seem counterintuitive to use the technology enabling the Cloud -- virtualization -- to secure the Cloud. But we can. In other words, virtualization is our silver lining in the Cloud. All right, penalize me 10 yards for the shameless use of a cliche. But if leveraged properly, virtualization can also be the pathway to surpassing the level of control and visibility that exists today in physical environments, transforming the infrastructure itself into a vital resource for improving security and compliance, in three fundamentally different ways. First, security does become -- not only logical -- but truly information-centric. In virtualized environments, static physical perimeters give way to dynamic logical boundaries defined by information and transactions themselves. Logical boundaries form the new perimeters for trust. And virtual machines adapt security to their particular payloads, carrying their policies and privileges with them as they travel across the Cloud. Second, security becomes built-in and automated. In Clouds, where information, VMs and virtualized networks relocate in the blink of an eye, security measures must be just as dynamic. Achieving this means building security into virtualized components, and by extension, distributing security throughout the Cloud. Also, automation will be absolutely essential to enabling security and compliance to work at the speed and scale of the Cloud. Policies, regulations and best practices will be codified into security management systems and enforced automatically, reducing the need for intervention by IT staff -- a problem that is getting away from us today. And third, security becomes risk-based and adaptive, because static security approaches can't address evolving threats. In the near future, trusted clouds will employ predictive analytics -- based on an understanding of normal states, user behaviors and transaction patterns -- to spot high-risk events -- anomalies -- and allow organizations to proactively adopt defenses. While I've advocated for these principles in the past, we are now at an inflection point, where they are being applied in solutions today that give us heightened levels of control and visibility.
Mechanical sounds
==== Transcribed by Automatic Sync Technologies ====
