LAS VEGAS – With businesses increasingly pursuing a mix of on-premise and cloud-based technologies, security needs to be a key part of conversations between companies and their cloud providers.
We’re seeing very clearly that not all SaaS [Software as a Service] providers are created equal.
Francis deSouza, senior vice president Enterprise Security Group, Symantec Corp.
This was the message of executives at Symantec Corp., who kicked off their annual Vision user conference in Las Vegas this week with a focus on cloud provider security and protecting virtual environments. As businesses look towards the cloud for services, they must hold providers to the same security standards they hold themselves to, explained Francis deSouza, senior vice president of the Enterprise Security Group at Symantec, during a panel conversation Tuesday on cloud computing.
Customers love the agility and lower cost the cloud promises, but they need to remember they are still “on the hook” when it comes to security, because they can still be liable if their data is breached, he added.
“We’re seeing very clearly that not all SaaS [Software as a Service] providers are created equal,” deSouza said, explaining that there are ones that build in security from the beginning as well as others that do not.
Though industry standards can help, organizations still need to talk to their cloud provider and auditor about their security needs, he added.
As part of its solution to the situation, Symantec revealed plans for a new application called Symantec Security Assessment for Salesforce.com users. Slated for release in mid-2011, the application will integrate with the Symantec Control Compliance Suite. Its goal: to offer companies better visibility into the security and compliance of their data when it’s in the cloud.
Symantec CEO Enrique Salem said the announcement is the first of several meant to provide “deep visibility” into the security posture of cloud providers.
“Working with companies like Salesforce.com we’ll give you [visibility] … and that’s something people have been asking us for over the past year and a half,” he said during his keynote Tuesday.
Cloud computing has taken somewhat of a beating of late due to the Amazon outage last month. That incident highlighted the danger of having a single point of failure, said Anil Chakravarthy, senior vice president of the Storage and Availability Management Group at Symantec, during the panel discussion on cloud computing. In the case of Amazon, the situation was caused by a mistake during a configuration change meant to upgrade the capacity of the primary network. The result was days of service problems.
For all the growing pains, cloud adoption is predicted to continue to increase, and Symantec is following suit with products. Beyond the Salesforce.com app, Symantec also announced a number of additions to its portfolio of cloud services, including a version of Backup Exec the company will be delivering via SaaS later this year.
“We’re helping to build cloud infrastructure, whether it’s a private cloud or a public cloud,” Salem said. “But we are also thinking about [two things]…one, how to help you build a private or public cloud service, and two, how do we actually deliver our services as cloud-based solutions.”