Rackspace cooking up security-secret-sharing cloud cabal
Top-tier clouds invited into information-sharing club to speed defence deployment
Rackspace is leading an effort to create a new group of top-tier cloud companies that it hopes will share information about security in close to real time.
Rackspace chief security officer Brian Kelly today told The Reg at a Sydney event that he feels cloud companies have to take a lead to address security challenges. Rackspace, he said, operates a skunkworks in which it is considering approaches such as asking CPU-makers to add security functions to silicon in order to make dedicated security appliances less relevant. That effort, he said, has seen Rackspace hire two of three leaders of the US military's online operations squads because Rackspace wants that kind of expertise and experience on staff.
Another approach Kelly feels is necessary is for cloud leaders to come together to share information, so that when one detects an attack or a threat, the others are quickly made aware of it. All, it is hoped, will therefore be better positioned to combat emerging threats.
Kelly said Rackspace has developed a platform to monitor its own systems for attacks or emerging threats, and provide information on them at speed. The company hopes the new group will be willing to both consume that feed and contribute to it. Intel, Dropbox, Google, Microsoft and Amazon Web Services are either on the target list or have already entered discussions about the group.
It's hoped the group will launch later this year.
Another new Rackspace initiative Kelly mentioned can be described as a security operations centre-as-a-service. Kelly said few organisations can afford or have the capabilities to run a proper security operations centre (SOC) and those that have subscribed to them often feel the experience is poor because knowing about new threats is one thing but being ready and/or able to combat them is another.
Kelly said Rackspace's service will deliver news of threats, but will meld with its managed cloud to also offer remediation.
The new service is currently being piloted “with two global customers” and is planned to commence operations on October 1st. ®
- Black Hat
- Cloud native
- Common Vulnerability Scoring System
- Content delivery network
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Edge Computing
- Google Cloud Platform
- G Suite
- Hybrid Cloud
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Private Cloud
- Public Cloud
- Trusted Platform Module
- Zero trust