Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

What NetFlix Can Teach Us About Security in the Cloud

Home
Industry Insights
What NetFlix Can Teach Us About Security in the Cloud

Blog Article Published: 03/29/2011

By Eric Baize

For years, the security industry has been complacent, using complex concepts to keep security discussions isolated from mainstream IT infrastructure conversation. The cloud revolution is bringing an end to this security apartheid. The emergence of an integrated IT infrastructure stack, the need for information-centric security and the disruption brought by virtualization are more and more making security a feature of the IT infrastructure. The industry consolidation, initiated by EMC’s acquisition of RSA in 2006 and now well on its way with the recent acquisition of McAfee by Intel and Arcsight by HP, is demonstrating that the security and IT infrastructure conversation are one in the same.

We, the security people, must follow this transition and lay out a vision that non-security experts can understand without having to take a PhD course in prime number computation.

Let me give it a try by using the video rental industry as an example on why security in the cloud will be different and more effective.

Video rental industry:

1 – You start with a simple need: Most families want to watch movies in their living room, a movie of their choosing, at a time of their choosing.

2 – A new market emerges: Video rental stores with chains such as Blockbuster in the U.S. Do you remember the late fees?

3 – Then comes a new business model. Instead of paying per movie and driving to the store, you pay a monthly subscription fee and movies are delivered directly to your home. Netflix* jumps in and makes the new delivery model work with legacy technology by sending DVDs through postal mail.

4 – Increase in network bandwidth makes video on demand possible on many kinds of end-user devices from cell phones to video game consoles. Netflix expands its footprint by embedding its technology into any video viewing device that makes it into your home: Game consoles, streaming players and smart phones.

5 – Blockbuster has filed for Chapter 11 bankruptcy. Netflix is uniquely positioned to help consumers transition from the old world of video viewing with DVDs to video on-demand. The customer wins with better movie choices delivered faster.

The Security Industry

The parallel with the evolution the security industry is going through is striking:

1 – You start with a simple need from CIOs and CSOs: They want to secure their information.

2 – A new market emerges: IT security with early players focusing on perimeter security: Building firewalls around information and bolting on security controls on top of insecure infrastructure.

3 – Here comes the cloud, a different way of delivering, operating and consuming IT. IT is delivered as a service. Enterprises use virtualization to build private clouds operated by internal IT teams. The IT infrastructure is invisible and security is becoming much more information-centric. New security solutions such as the RSA Solution for Cloud Security and Compliance emerge, that focus on gaining visibility over the new cloud infrastructure and on controlling information.

4 – Increase in bandwidth makes it possible to expand private cloud into hybrid clouds, using a cloud provider’s IT infrastructure to develop new applications or to run server or desktop workloads. Security is changing as controls are directly embedded in the new cloud infrastructure, making it security aware. The need for visibility expands to cloud provider’s IT infrastructure and new approaches such as the Cloud Security Alliance GRC Stack enable enterprises to expand their GRC platform to manage compliance of their cloud provider infrastructure.

5 – What will happen to the security industry? It must adapt and manage the transition from physical to virtual to cloud infrastructures. First, by dealing with traditional security controls in physical IT infrastructure; then, by embedding its control in the virtual and cloud infrastructure to build a trusted cloud; and finally by providing a consolidated view of risk and compliance across all types of IT infrastructure: physical or virtual, on-premise or on a cloud provider’s premises. The customer wins: IT infrastructures have become security-aware, making security and compliance more effective and easier to manage.

So, does this explanation work for you? I welcome all comments below!

* Netflix is a registered trademark of Netflix, Inc.

Eric Baize is Senior Director in the RSA’s Office of Strategy and Technology with responsibility for developing RSA’s strategy for cloud and virtualization. Mr Baize also leads the EMC Product Security Office with company-wide responsibility for securing EMC and RSA products.

Previously, Mr. Baize pioneered EMC’s push towards security. He was a founding member of the leadership team that defined EMC’s vision of information-centric security, and which drove the acquisition of RSA Security and Network Intelligence in 2006.

Mr Baize is a Certified Information Security Manager, holder of a U.S. patent and author of international security standards. He represents EMC on the Board of Directors of SAFECode.

Share this content on your favorite social network today!

Latest from CSA
Join AT&T Cybersecurity in Chicago
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Enhance your cloud security skills with CSA's online training options.