This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Can a Trusted Environment Provide Security?
January/February 2010 (vol. 8 no. 1)
pp. 50-52
Lori M. Kaufman, BAE Systems
A natural extension of cloud services is to extend platform independence via virtualization to a security model. For security as a service to be a viable cloud offering, customers must be able to establish their own security policies and risk framework. Today, cloud customers must purchase, install, and configure the antiviral, antispyware, antimalware, and so on, services in their host environment. However, if cloud providers offered security as a service in these virtualized environments, customers could integrate these security measures into their risk profile to ensure that the cloud risk posture is acceptable for their mission. By leveraging the service delivery model, a cloud can deliver security as a service as part of a virtualized infrastructure as a pay-for-service offering. This configuration lets customers selectively choose the countermeasures they wish to implement as dictated by their risk profile. The practicality of this security-as-a-service approach will continue to evolve with technology. In spring 2009, VMware released the VMsafe API, which supports third-party security applications in the hypervisor (a virtual-machine monitor). If VMsafe performs as claimed, it will enable the cloud-computing environment to support security as a service. The VMsafe API offers the immediate opportunity to begin the long-needed transition of cloud computing from a trusted environment to a secured environment.

1. P. Mirchandani, "Security-as-a-Service—the Next Growth Area for Cloud Computing?" SC Magazine,26 Oct. 2009; www.scmagazineuk.com/Security-as-a-Service–The-next-growth-area-for-cloud-computing/ article 156193.
2. "Why Aren't Cloud Services Secured as a Service?" blog, 30 Sept. 2009; http://cloudsecurity.trendmicro.comwhy-arent-cloud-services-secured-as-a-service.
3. K. Krause, "Security as a Service: Hidden Treasures for Solution Providers," Business Solutions,1 Sept. 2009; http://bsminfo.com/article.mvcSecurity-As-A-Service-Hidden-Treasures-For-So-0001?VNETCOOKIE=NO.
4. N. Riter, "VMware Unveils Security API," Search Security, 22 Apr. 2009; http://searchsecurity.techtarget.com.au/ articles31679-VMware-unveils-security-API .

Index Terms:
cloud computing, computer security, VMware, VMsafe, software as a service, SaaS, security as a service
Citation:
Lori M. Kaufman, "Can a Trusted Environment Provide Security?," IEEE Security & Privacy, vol. 8, no. 1, pp. 50-52, Jan.-Feb. 2010, doi:10.1109/MSP.2010.33
Usage of this product signifies your acceptance of the Terms of Use.