Vice President VeriSign India
Cloud Computing is the most significant trend in IT now, yet many of the organisations can’t fully trust it, why is that so?
Security has always been seen as the biggest barrier to putting applications in the cloud. Trusting a supplier with business-critical data has been a step too far for many large companies. Businesses have been rightly afraid that their data might fall into the wrong hands if they lose control of its security.
But the scenario is changing. Suppliers of Cloud Computing do not want customers auditing their security but they do not mind independent standards organisations doing so. They are now willing to put in place security that meets industry standards such as ISO.
VeriSign provides cloud-based security and authentication for the Windows Azure platform. Can you please elaborate on the same. In what ways does Verisign have an edge over other players in the domain?
Microsoft will use proven VeriSign® Secure Sockets Layer (SSL) Certifi cates and VeriSign® Code Signing Certifi cates to safeguard cloud-based services and applications developed and deployed on the Windows Azure platform. The platform is comprised of Windows Azure: an operating system in the cloud; SQL Azure: a fully relational database in the cloud; and the Windows Azure platform AppFabric Service Bus and Windows Azure platform AppFabric Access Control – a set of pre-integrated, higher-level application services enabling developers to more easily deploy and manage composite applications spanning both server and cloud. Because cloud platforms like Windows Azure are elastic, dynamic and accessible from anywhere on the Internet, reliably securing the cloud requires an infrastructure that can meet the unique challenges of Cloud Computing by scaling on demand.
With VeriSign SSL Certificates, enterprise users can be assured that applications running on Windows Azure are secured by strong SSL encryption. VeriSign SSL also protects data moving between users, applications and servers, while providing authentication between users and cloud based servers.
Developers of Windows Azure applications can sign their code with VeriSign Code Signing Certifi cates, which signal to end users that the applications come from a trusted publisher. Code Signing Certifi cates serve as ‘virtual shrink wrap’ for cloud-based applications by applying a digital signature to code. A broken digital signature tells users that the application has been tampered with or modifi ed. VeriSign’s Certificate Management solutions simplify the administration of SSL certificates and digital signatures.
What are the issues which the enterprises will have to look into when moving from one cloud-based service to using several services from different providers?
Enterprises need to rely on multiple service providers as a single provider cannot offer all the required services (email services, email fi ltering service, authentication service, policy management service, etc.) The enterprises need to ensure that the service provider has sustainable, scalable, and available services that are also secure. Also, the provider has to cater to customer needs immediately and should be continuously able to address their requirements and changing business needs and challenges. This requires the service to be time tested. Usually, such service providers are also audited for security compliance. Ultimately, the service provider needs to be trusted.
How prepared is the private industry to deal with the challenges and risks that come along with Cloud Computing?
The industry is not well armed to deal with the challenges and risks that come along with adoption of Cloud Computing; right from security risks to lack of standards for Cloud Computing. Corporate concerns over data security are holding back Cloud Computing. Security experts, software suppliers and cloud service providers alike see the cloud as a once in a lifetime opportunity to make information security better than ever. However, if handled properly, the
shift to cloud-based computing could lead to better security. Understanding the value of each type of data can help businesses decide what type of cloud is the best fi t. Most organisations will probably not go for one type over the other, but instead use a combination of two to form a public-private hybrid. Still the problem remains of having no standards for Cloud Computing for handling different kinds of data, especially sensitive personal data such as healthcare records. Global IT security organisations and governments have a role to play in taking the lead on standards and should intervene rather than leaving it up to the emerging service providers.
Services that take in user identity need to offer an additional form of authentication Similar to software-as-aservice, the security-as-a-service model of VeriSign Unifi ed Authentication delivers a range of advantages such as low total cost of operation, no major capital expenditures, built-in scalability and reliability, and out-of-the-box integration with existing infrastructure.
How big is the Cloud Computing market in India? What is your company’s plan to optimise this market in India?
The Indian market for Cloud Computing is huge. There are 8 million SMBs in India with around 35 million employees and 10 million potential users of Cloud Computing. By 2012, customer spending on IT cloud services will grow almost threefold, to $42 billion and account for 9% of revenues in fi ve key market segments (business applications, application development or deployment, system infrastructure software, storage and servers), according to IDC. The analyst fi rm predicts that spending on IT cloud services is growing at over fi ve
times the rate of traditional, on-premise.
VeriSign helps companies control access to organisational assets with better access management and unifi ed identity across the organisation and between business partners. VeriSign secures critical business interactions and operations with services based public key infrastructure (PKI) and one-time
password (OTP) solutions. VIP or VeriSign Identity Protection adds a second layer of security to online transactions and enables organisations to secure access to their networks and websites more conveniently and for customers it enables safer transactions.
EV-SSL certifi cates provide a visual identity with the address bar turning green and the name of the enterprise shown as the legal owner of the site. VeriSign’s PKI solutions protects applications that demand the highest level of security, enabling online banking and trading, Web services-based business process automation, digital form signing, enterprise instant messaging, and electronic commerce. The system uses a pair of mathematically related keys—called a private key and a public key—to encrypt and decrypt confi dential information and to generate and verify digital signatures
What are your future plans in the Cloud Computing domain?
Our best example of Cloud Computing is VIP (VeriSign Identity Protection). Historically companies haveused two-factor authentication by buying a server, operating that infrastructure inhouse and paying the license fee for the software. the way we’ve built VIP allows somebody to do all that authentication at the veriSign datacentre, and we charge them per user, per year, typically.
The way we’re doing VIDN (VeriSign Internet Defense Network), which is our DDoS (Distributed Denial of Service) mitigation project, is also a Cloud Computing service. Instead of a company going in to buy a lot of new infrastructure to handle a DDoS attack and manage that infrastructure, they just redirect all their traffi c to VeriSign.
We go ahead and provide the extra bandwidth and fi lter out the bad traffi c and just send the good traffi c back to the company. That’s another pure cloud-based service.Our PKI (Public Key Infrastructure) and SSL (Secure Sockets Layer) services are generally cloud-based as well.
In some cases, they do have elements of their service that sit within the customer premise for management and administration, but they are relatively cloud-based services. VeriSign will continue to enhance these services and offer more cloud based services that will bring trust to the consumer, business, government, and ultimately to the Internet.