Issue No. 01 - January/February (2010 vol. 8)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.33
Lori M. Kaufman , BAE Systems
A natural extension of cloud services is to extend platform independence via virtualization to a security model. For security as a service to be a viable cloud offering, customers must be able to establish their own security policies and risk framework. Today, cloud customers must purchase, install, and configure the antiviral, antispyware, antimalware, and so on, services in their host environment. However, if cloud providers offered security as a service in these virtualized environments, customers could integrate these security measures into their risk profile to ensure that the cloud risk posture is acceptable for their mission. By leveraging the service delivery model, a cloud can deliver security as a service as part of a virtualized infrastructure as a pay-for-service offering. This configuration lets customers selectively choose the countermeasures they wish to implement as dictated by their risk profile. The practicality of this security-as-a-service approach will continue to evolve with technology. In spring 2009, VMware released the VMsafe API, which supports third-party security applications in the hypervisor (a virtual-machine monitor). If VMsafe performs as claimed, it will enable the cloud-computing environment to support security as a service. The VMsafe API offers the immediate opportunity to begin the long-needed transition of cloud computing from a trusted environment to a secured environment.
cloud computing, computer security, VMware, VMsafe, software as a service, SaaS, security as a service
L. M. Kaufman, "Can a Trusted Environment Provide Security?," in IEEE Security & Privacy, vol. 8, no. , pp. 50-52, 2010.