RSA and NetApp address cloud computing data privacy

Cloud computing

Compliance and security are two major issues in any IT environment but none more so than in the cloud.

At the IP Expo in London today, RSA Security and NetApp outlined their very different methods of access control in a cloud computing environment.

Julian Wheeler, systems engineering manager at NetApp, said: "The reduced spend of IT departments means that the days when departments had five times the resources they needed are truly over. It is now generally seen that you can't have low utilisation anymore."

The solution, he said, is to have a multi-tenancy data centre with virtualised servers, but this then raised security and privacy concerns.

NetApp believed a unified storage architecture is essential to satisfy the differing requirements of different applications and users.

To offer end-to-end security in the multi-tenancy environment, NetApp has partnered with Cisco and VMware to offer IT as a Service (ITaaS).

Wheeler explained that entrusting security to the storage controller allows each application to be treated as separate entities. Data can be moved or refreshed without having to take the system offline.

"This gives us one vision for a unified, virtual infrastructure which can securely isolate stored resources," Wheeler said. "It also offers savings."

He pointed out the case of Nottinghamshire Healthcare Trust which adopted NetApp's product with deduplication and compression enabled. This allowed them to reclaim 50 per cent of their storage, using 75 per cent less rack space and reduced their cooling requirements by 67 per cent.

"With government cutbacks coming into effect these savings are allowing the Trust to save money without having to make drastic cuts to their services."

RSA Security has also created an end-to-end secured cloud. RSA is part of EMC, so the company's choice of storage partner was obvious - VMware and Cisco who are becoming a common factor with many cloud computing suppliers.

Rashmi Tarbatt, RSA's chief security architect for the EMEA region, said moving to the cloud does not mean scrapping current security practices.

"The difference is that the composite stack of cloud infrastructures offer a better view of what is going on," she explained.

This does have a spin-off effect in that roles of staff have to change.

"People that function historically as network administrators, systems administrators, and suchlike, all come together in a single function. This does not necessarily mean that you only need one person but the correlated view of all that is going on will mean that these roles have to be redefined."

When a policy has been defined, the result is often hundreds of logs so there is a need to decide which logs have priority - which are more important to the business processes. Within the policies, there will also be certain governance, risk management and compliance regulations that need to be applied.

RSA's acquisition of Archer has brought a useful tool, Tarbatt said. The Archer eGRC Suite allows the application of compliance rules to be automated ensuring that everything is standardised.

Though their companies may differ in the detail, both Tarbatt and Wheeler agreed cloud infrastructures are set to free up administrators to concentrate on more pressing issues of how the systems can better serve the business.