Don't approach cloud security the traditional way: McAfee

Cloud is a new field with new challenges, so McAfee's Asia-Pacific VP and CTO Michael Sentonas asks why we still take traditional approaches to security.
Written by Michael Lee, Contributor

Security measures in the cloud today are incremental changes that do not address one of the top barriers to cloud adoption, and according to McAfee Asia-Pacific Vice President and CTO Michael Sentonas, we need to change our approach.

Speaking at VMware's vForum 2012 event in Sydney today, Sentonas said that what is readily available on the market to address security concerns is little more than tooling carried over from the non-cloud world, updated or upgraded just enough to fit into the cloud-based or virtualised systems of today.

"When you look at a lot of the technologies that are available today [...] a lot of them are kind of just incremental feature upgrades to existing products, and what I mean by that is smarter antivirus running in the datacentre. As an example, agent-less antivirus. We've all done that in the industry. Move on. We need to start thinking about different technologies."

Sentonas said that the same applied to firewall technology, which has merely been upgraded to provide intra-VM control and inspection.

"Has it increased confidence in the cloud? Probably a little. Has it exponentially increased confidence? No, not really," he said.

"We need to think about things in the industry somewhat differently, and we need to do a lot of innovation in this space to facilitate a lot of the technologies that are available today."

Sentonas questioned why businesses were still so focused on placing traditional antivirus products in their high-performance datacentres, when those systems do not necessarily operate like the typical desktop environment in which such a strategy might be valid.

"Why are we worrying about antivirus in a high performance datacentre — whether it's agent-less or agent-based — [...] when, very easily, we can keep a list of the hashes of every application or every file, and only scan it if that hash changes? Performance through the roof. That's obviously what we want inside the datacentre."

Sentonas also said that this ties in with a focus on change control, rather than wastefully scanning everything on the server. A side effect of moving away from what he called traditional security models, he added, is that virtual machine density can increase dramatically, because the scanning overhead per VM falls.

"Your servers should not be changing. Your primary domain controller should not be going through massive revisions very often; your email servers; your webservers. Some of the content will obviously change, but the fundamentals on that device do not change. Simply lock it down, and it's going to be a hell of a lot more efficient using a model like that inside your datacentre."
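The approach Sentonas describes above, keeping a hash of every file and only scanning a file when its hash changes, and the change-control view of servers that "should not be changing", amounts to a hash baseline plus a diff. The following is an added worked example, not McAfee code or anything from the vForum talk: it builds a SHA-256 manifest of a directory tree, then reports only files that are modified, new or missing, so an expensive scanner (or a human reviewer) touches only those paths. The sample tree, its file names and contents are constructed for the demo.

```python
"""Hash-baseline change detection: scan only what changed.

Added example (not McAfee's code). Builds a SHA-256 manifest of a tree,
then on a later run reports only files whose hash differs from the
manifest, plus files that are new or missing. Unchanged files never
reach the scanner.
"""
import hashlib
import tempfile
from pathlib import Path


def file_sha256(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large binaries are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its digest.

    Symlinks are skipped so a link pointing outside the tree cannot be used
    to smuggle content into (or hide content from) the manifest.
    """
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = file_sha256(p)
    return baseline


def diff_baseline(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the live tree with the stored manifest.

    Returns the three categories change control cares about: 'changed'
    (hash differs), 'added' (not in the manifest) and 'removed' (in the
    manifest but gone from disk). Unchanged files are not listed at all.
    """
    current = build_baseline(root)
    changed = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"changed": changed, "added": added, "removed": removed}


def files_to_scan(root: Path, baseline: dict[str, str]) -> list[str]:
    """Only new or modified content needs the expensive scanner."""
    d = diff_baseline(root, baseline)
    return sorted(d["changed"] + d["added"])


def demo() -> dict[str, list[str]]:
    """Constructed sample tree (not real server data).

    Takes a baseline, then simulates a legitimate web content update, an
    unexpected new binary in bin/, and a deleted config file.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("bin", "etc", "www"):
            (root / d).mkdir()
        (root / "bin" / "httpd").write_bytes(b"\x7fELF fake httpd binary")
        (root / "etc" / "httpd.conf").write_text("Listen 80\n")
        (root / "www" / "index.html").write_text("<h1>hello</h1>\n")

        # In practice the manifest is persisted off-box or signed, so that
        # whoever modifies a file cannot also rewrite its expected hash.
        baseline = build_baseline(root)

        (root / "www" / "index.html").write_text("<h1>hello, world</h1>\n")
        (root / "bin" / "dropper").write_bytes(b"\x7fELF unexpected new binary")
        (root / "etc" / "httpd.conf").unlink()

        return diff_baseline(root, baseline)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Two caveats a practitioner would add. First, the manifest is only as trustworthy as its storage: if an attacker who can alter a file can also alter the baseline, the check is worthless, so keep it signed or off the host. Second, hashing every file still reads every file; the saving is in what you do afterwards (scan, review, alert) with the handful of paths that actually changed, which on a locked-down server should be close to none.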

At the same time, Sentonas said that while some businesses' security concerns are legitimate, there are plenty of providers who are doing things right and have already dealt with the majority of the issues.

"There's a perception that it is unsafe and insecure — there's no way of controlling your data — and that is fundamentally wrong. There are many ways of brokering service level agreements that are probably more stringent than what a lot of organisations themselves can create. There are high performance, high availability infrastructures that can be built [...] that could be, [if] implemented correctly, better than what most organisations could install themselves."