A new program from McAfee will offer software-as-a-service (SaaS) providers the ability to add more security to their cloud deployments. McAfee Cloud Secure combines cloud security certification services with automated auditing, remediation and reporting capabilities to bring extra security to the cloud.
The McAfee program addresses security concerns of end-users over cloud-based services, which is the biggest issue around the adoption of cloud services (according to IDC research). According to McAfee, the addition of automation and certification provides SaaS customers with more confidence in their cloud deployments. The company expects Amazon Web Services and SuccessFactors to be the first SaaS providers to leverage the new Cloud Secure program.
“McAfee Cloud Secure is our first step toward proactive and comprehensive security certifications and tools for the cloud,” said Marc Olesen, senior vice president and general manager of McAfee Software-as-a-Service, in a statement. “With the McAfee Cloud Secure program, we are adding peace of mind for those with cloud deployments, helping end-users more easily evaluate and select a
safe and secure vendor.”
By partnering with certification delivery vendors, McAfee will offer cloud security certification services through the program. The certification services will be tailored to the needs of SaaS and cloud
Additionally, the automated auditing, remediation and reporting capabilities will offer providers automatic, daily security audits, as well as remediation of vulnerabilities and reports on the security status of their services and networks that use the McAfee Cloud Secure service. If they pass a daily scan and other security checks, providers will receive the “McAfee SECURE” mark for use in their cloud services and on marketing collateral.
The entire program is built around the McAfee SECURE technology and “Trustmark,” which appears on more than 80,000 websites. The mark’s purpose is to provide users with confidence in using the websites and services that show it.
While businesses want to adopt cloud services, there is a great concern about the security risks, and the creation of the Cloud Secure program is one step in making end-users and businesses feel more secure about using the cloud, said Allan Krans, analyst at Technology Business Research Inc. (TBRI).
“There are a number of different tools and strategies that you can use for web applications in general. All the big financial institutions have been doing some type of consulting engagement or SaaS services. … They all need to make sure that they’re protecting that properly and making sure that you can’t break in or get a download of credit card numbers,” he said. “So I think those processes have been in place for quite some time, but the cloud brings those same types of risks to a different set of applications and uses. Now it’s not only banks and whatnot; it’s corporate institutions that have an Amazon account or have a server or do some development work or even access from Salesforce client records. It takes processes that had formerly been on the inside of corporations, no access to the public, and puts them in a public-facing position.”
The value proposition of being able to attach the McAfee SECURE label to cloud services means greater peace of mind in the eyes of the user, he said. It means it’s safe and there’s something that will ward off the risk that goes along with cloud computing.
McAfee is one of the first companies to put a label on cloud computing security and package it, but the processes are not entirely new. Security has been attached to cloud computing from the beginning, but there are trust issues, Krans said. Similar in a way that a consumer would see the VeriSign checkmark and understand a site is secure, the McAfee Cloud Secure program will show cloud computing users that the services boasting the McAfee SECURE tag are secure.
“It’s putting out a standard set of processes. … It gets the conversation started in terms of what are the key components that you should look for when you are going to be doing cloud computing,” Krans said.
He added that he expects to see more of this kind of thing coming from other vendors in the future.
“It’s a new opportunity for security guys to deliver growth and capitalize on this new bucket of risks that come along with cloud computing,” Krans said.