At the RSA Conference in San Francisco, much of the focus was on cloud computing and what vendors are doing to push security into the cloud. From IBM to Cisco to McAfee, vendors were talking up their approaches during the show, which ends today.
Every RSA Conference has a
popular buzzword or phrase. This year it was "the cloud."
In one way or another, vendors
their answer to handling security in the cloud. Cisco unveiled
a number of tools and services in the cloud April 21, even though a day later
Cisco CEO John Chambers described the idea
of securing a virtual cloud network as "a security nightmare."
IBM pulled the covers off a new arsenal
of products designed to protect cloud computing environments as well, while
McAfee CEO Dave DeWalt used his keynote to
talk about using the cloud in the context of what he called "predictive
security," his vision of how McAfee will share
in the cloud to better protect end users.
Tying it all together was the release during the show of a whitepaper by the
Cloud Security Alliance that offers guidance for organizations pursuing cloud
sweeping 83-page document
lays out a number of issues that need to be
addressed for organizations to mitigate risks tied to issues like storage and
virtualization in cloud computing environments.
"Aggressive adoption of cloud computing is clearly under way," said Jerry
Archer, chief information security officer at Intuit and part of the CSA, in a
statement. "The convergence of inexpensive computing, pervasive mobility and
virtualization technologies has created a platform for more agile and cost-effective
business applications and IT infrastructure. The cloud is forcing thoughtful
adaptation of certain security controls, while creating an even greater demand
for best practices in security program governance."
With the cloud computing train having officially left the station, Philippe
Courtot, chairman of Qualys, noted in his keynote that the adoption of cloud
computing is in some ways a response to the realities of securing and managing
today's IT infrastructure. For example, one out of 10 of the laptop
computers that have been purchased in the last 10 months will be lost,
potentially exposing corporate data, he said. In addition, Qualys has found that
it typically takes organizations 29.5 days to fix 50 percent of the
critical vulnerabilities on a network, he said.
"Five years ago, you know how long it was taking as an average? Thirty
days," Courtot said. "That inconvenient truth is very simply that, as
we all know, it is getting harder and harder to secure the current
computing infrastructure. ... Obviously, something has to change."