Mark Yakabusi, Vice President for the Hardware Security Module Business Unit at Safenet, speaks here about cloud security and the consideration businesses must give to the risks cloud storage presents as they make the switch.
Safenet has announced the world's first Crypto Hypervisor, taking traditional hardware security and applying it to the cloud. Mark Yakabusi from Safenet explains here.
What are the main threats that you see out in the cloud marketplace at the minute that businesses should be the most concerned with?
I think to answer the question you need to first start with the definition of cloud. The definition of cloud depends upon who the audience members are. We define cloud as anything from a virtualised data centre all the way through to public cloud and everything in between, whether that be a hybrid cloud model or a private cloud on-premise model. So the threats are also different depending on the model. So one of the things why we redefined those particular models is because right now the biggest threat of people moving to full cloud is control and trust. So we see the primary target for now being private cloud but are also happy to be part of an earlier doctrine infrastructure of full cloud.
What would you advise organisations to do when they are looking at a cloud security solution? What are the key things they need to keep their eyes open for?
I think the answer again depends upon what they define as a cloud. There are a lot of similarities, again: control, central governments, compliance, what they are looking for across the organisation. What are they willing to move out of their direct control from an infrastructure perspective, and if they do do that in public cloud models, what kind of assurances they have that they will get digital control. So that example is one of the reasons that Amazon launched its cloud A – Z service on the back of Safenet by products, which is primarily offering the capability for those customers making the journey to Amazon's cloud to give them the security control back, based on the fact that they can have trust and control back, are the only end user and have access to their digital cryptic material.
There is a lot of talk about digital keys and their use within cloud services. Why are they important and what are they?
To answer that, a little bit of a history on digital keys and encryption: Safenet has been in the hardware business of encryption for quite some time. We have maintained our pedigree in the market in that, but as you move to the cloud and virtual infrastructure, the same definition I talked about earlier was private cloud all the way to public cloud. Traditional hardware does not scale very well that way, so one of the things that we have seen in terms of customers evolving and evolving their move to the cloud, depending on their definition of cloud, is how does the hardware cryptography allow them to make that move. The answer up until fairly recently was it is very difficult. Some of the things that have been enabled in what we have launched in the Crypto Hypervisor capacity at Safenet is really the ability to stand up on-demand services for cryptographic hardware services that act just like cloud and virtual infrastructure services.
You are announcing the world's first Crypto Hypervisor. What was the gap in your offering at the time that led to this product being developed?
The gap was how do we take traditional hardware security and how do we move it to the market that wants to move to cloud, whether that be private data centre or virtual data centres all the way through to public cloud. Traditional hardware, like traditional server hardware, didn't or doesn't scale very well, which is one of the biggest benefits of cloud: the ability to scale up and down in real time. The elastic services, real-time demands, quicker time to market for applications. So those are the things that we considered when we designed what we want to do with our solution, so it will be both and it will maintain its vested market pedigree for security and in the same solution that offers – we move more than a trillion dollars a day in financial transactions on the back of our HSM technology. We protect more PKI identities than any other AKO technology in the market. How can we take that security pedigree and move it to a cloud infrastructure? And so what we did was we abstracted the hardware; we did not take away any of the security implications of the hardware, we abstracted it so that it can be stood up in a service model and be consumed just like cloud resources.
Of course the use of the virtualisation layer is what sets this product apart from a lot of the others out there, isn't it?
Absolutely, so when I used the word abstracted I chose the word purposely, because it does present a virtualised HSM to the end user but we haven't virtualised the security perspective of the protection of keys and hardware.
Have you found that organisations are addressing security risks as part of their development or has it tended to be a bolt on afterwards when they suddenly realise that they might be at risk?
There is a shift that I think we are part way through, and many of the enterprises are making that journey to cloud, again whether it be private or public. Traditionally, 5 or 6 years ago, security was a bolt on and it was an afterthought, and it was "okay, now we are deployed, now we had better think if we are secure". That is changing, quite rapidly changing. Most of the enterprises in the service providers we talk to are taking the steps to introduce security up front initially.