Welcome!

Eclipse Authors: David Smith, Bob Gourley, Lacey Thoms

Related Topics: Open Source, Security

Open Source: Article

Security Management Enables Cloud Computing

Open Group conference shows how security standards and governance hold keys to enterprise cloud adoption
By Dana Gardner
Article Rating:
July 21, 2009 08:45 PM EDT
Reads:
 6,268

This BriefingsDirect guest post comes courtesy of Jim Hietala, vice president of security, The Open Group. You can reach him here.
By Jim Hietala

Spending the early part of this week in The Open Group Security Forum meetings, I have been struck by the commonality of governance, risk, compliance, and audit issues between physical IT infrastructure today, and virtual and cloud environments in the (very) near future. Issues such as:

  • Moving away from manual compliance processes, toward automated test, measurement, and reporting on compliance status for large IT infrastructure. When you are talking about physical infrastructure, manual compliance is difficult, expensive in labor cost, and sub-optimal -- given that many organizations choose to sample just a few representative systems for compliance, rather than actually testing the entire environment. When you are talking about virtual environments and cloud services, manual compliance processes just won’t work, automation will be key.
  • Incompatible log formats output by physical devices continues to be a problem for the industry that manifests itself in problems for security information and event management systems, log management systems, and auditors. Ditto for virtual and cloud environments, at much larger scale.
  • Managing security configurations across physical versus virtual and cloud environments provides similar challenges. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Emerging-standards work from the Security Forum, which was originally conceived as solutions for some of these issues in traditional IT environments (in house, physical servers), will have important applications in cloud and virtualization scenarios. In fact, with the scale and agility provided by these environments, it is hard to think about adequately addressing audit and compliance concerns without standards that provide for “scalable automation.”

The Automated Compliance Expert Markup Language standards initiative will address issues of security configuration and compliance alerting and reporting across physical, virtual, and cloud environments. The revised XDAS standard from The Open Group will address audit incompatibility issues. Both of these standards efforts are work-in-progress at the present time, and our standards process is truly and open one. If your organization is a customer organization grappling with these issues, or a vendor whose product might benefit from implementing these standards, we invite you to learn more.

This BriefingsDirect guest post comes courtesy of Jim Hietala, vice president of security, The Open Group. You can reach him here.

Published July 21, 2009 – Reads 6,268
Copyright © 2009 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Dana Gardner

At Interarbor Solutions, we create the analysis and in-depth podcasts on enterprise software and cloud trends that help fuel the social media revolution. As a veteran IT analyst, Dana Gardner moderates discussions and interviews get to the meat of the hottest technology topics. We define and forecast the business productivity effects of enterprise infrastructure, SOA and cloud advances. Our social media vehicles become conversational platforms, powerfully distributed via the BriefingsDirect Network of online media partners like ZDNet and IT-Director.com. As founder and principal analyst at Interarbor Solutions, Dana Gardner created BriefingsDirect to give online readers and listeners in-depth and direct access to the brightest thought leaders on IT. Our twice-monthly BriefingsDirect Analyst Insights Edition podcasts examine the latest IT news with a panel of analysts and guests. Our sponsored discussions provide a unique, deep-dive focus on specific industry problems and the latest solutions. This podcast equivalent of an analyst briefing session -- made available as a podcast/transcript/blog to any interested viewer and search engine seeker -- breaks the mold on closed knowledge. These informational podcasts jump-start conversational evangelism, drive traffic to lead generation campaigns, and produce strong SEO returns. Interarbor Solutions provides fresh and creative thinking on IT, SOA, cloud and social media strategies based on the power of thoughtful content, made freely and easily available to proactive seekers of insights and information. As a result, marketers and branding professionals can communicate inexpensively with self-qualifiying readers/listeners in discreet market segments. BriefingsDirect podcasts hosted by Dana Gardner: Full turnkey planning, moderatiing, producing, hosting, and distribution via blogs and IT media partners of essential IT knowledge and understanding.