Every RSA Conference has a popular buzzword or phrase. This year it was “the cloud.”
In one way or another, vendors were pushing their answer to handling security in the cloud. Cisco unveiled a number of tools and services in the cloud April 21, even though a day later Cisco CEO John Chambers described the idea of securing a virtual cloud network as “a security nightmare.”
IBM pulled the covers off a new arsenal of products designed to protect cloud computing environments as well, while McAfee CEO Dave DeWalt used his keynote to talk about using the cloud in the context of what he called “predictive security,” his vision of how McAfee will share threat intelligence in the cloud to better protect end users.
Tying it all together was the release during the show of a whitepaper by the Cloud Security Alliance that offers guidance for organizations pursuing cloud computing. The sweeping 83-page document lays out a number of issues that need to be addressed for organizations to mitigate risks tied to issues like storage and virtualization in cloud computing environments.
“Aggressive adoption of cloud computing is clearly under way,” said Jerry Archer, chief information security officer at Intuit and part of the CSA, in a statement. “The convergence of inexpensive computing, pervasive mobility and virtualization technologies has created a platform for more agile and cost-effective business applications and IT infrastructure. The cloud is forcing thoughtful adaptation of certain security controls, while creating an even greater demand for best practices in security program governance.”
With the cloud computing train having officially left the station, Philippe Courtot, chairman of Qualys, noted in his keynote that the adoption of cloud computing is in some ways a response to the realities of securing and managing today’s IT infrastructure. For example, one out of 10 of the laptop computers that have been purchased in the last 10 months will be lost, potentially exposing corporate data, he said. In addition, Qualys has found that it typically takes organizations 29.5 days to fix 50 percent of the critical vulnerabilities on a network, he said.
“Five years ago, you know how long it was taking as an average? Thirty days,” Courtot said. “That inconvenient truth is very simply that, as we all know it is getting harder and harder to secure the current computing infrastructure. … Obviously, something has to change.”