Cloud computing security issues on tap at RSA Conference 2012
February 16, 2012
As more organizations delve into public and private cloud computing, security issues are becoming more pressing. RSA Conference 2012 is testament to the growing interest in cloud security: An entire track is devoted to the topic, with sessions scheduled on cloud data privacy and data integrity in the cloud.
In addition, the Cloud Security Alliance (CSA) will hold its third annual summit at the conference. The future of cloud security standards will be among the cloud computing security issues discussed at the summit, which is expected to draw about 1,100 attendees…
“If you go back a year or two, there were still a lot of questions about what the cloud is and the distinction between cloud models,” said CTO and EMC Fellow Bret Hartman of RSA, the Security Division of EMC Corp. “We’re definitely way beyond that. … Now it’s a question of how do we move towards this hybrid world where we’re getting comfortable with outsourcing certain services – then the security issues become much more significant.”
He expects authentication will be one of the hot cloud computing security issues at the RSA Conference. “It’s the first big area that companies have to address if they think about the cloud because they have to secure enterprise access across multiple services,” Hartman said. Another major cloud security topic will be what he calls “the other half of the equation”: mobile computing.
If cloud computing services are generally accessed by new types of mobile devices, the security of both together needs to be considered, Hartman said. “You can’t really think of one without the other.”
CSA tackles mobile, cloud computing legal issues
In fact, mobile security is an area the CSA plans to address; the global nonprofit group expects to announce a mobile initiative at the RSA Conference, said CSA Executive Director Jim Reavis. “How do you manage these smart devices that are potentially employee-owned and working on business information outside of the corporate perimeter, accessing a public cloud? It’s a model we haven’t really addressed with the [CSA] framework,” he said. “If we’re not addressing that portal into the cloud, we’re going to be missing the boat.”
“We want to take the marketing hype out of these complex legal issues.”Jim Reavis, CSA executive director
The CSA also plans to launch an initiative to address cloud legal issues such as the U.S. Patriot Act and the proposed new European Union data protection regulation. The CSA isn’t a lobbying organization, but it hopes to provide some clarity for cloud providers and customers on how to interpret these types of regulations, Reavis said. A growing cloud computing security issue has been cloud providers outside the U.S. claiming to be exempt from Patriot Act requirements.
“We want to take the marketing hype out of these complex legal issues,” Reavis said. “We want greater transparency so we can help advise policy makers and consumers on how to move forward.”
Other announcements the CSA plans to make include an expansion initiative into Asia Pacific. Reavis said CSA has seen a lot of growth in its corporate membership in that region and wants to have a more tangible presence there.
Overall, there’s been a lot of growth in both private and public cloud computing adoption but security continues to an afterthought; organizations continue to race to use IT for solving business problems, adding security later, he said.
“Because it’s new, we’re still working our way through how we [will] try to build in [security] versus bolting it on,” he said.
New cloud security technologies
Among all the security technologies showcased at RSA Conference 2012, attendees can expect to see plenty of cloud security offerings.
“You’ll see a lot of vendors talking about how they can help with security as more people move their infrastructure into the cloud,” said Michael Callahan, vice president of product and solution marketing for HP enterprise security products. “Security remains the top inhibitor to people adopting more cloud technologies and hybrid environments. What you’re starting to see is the vendors have put more research into, and have developed more solutions to ensure you have this level of security as you move your infrastructure into the cloud.”
In general, organizations are adopting hybrid cloud environments, he said. “It’s not like keep everything on premise or move everything into the cloud.” They’re looking to security vendors for help in getting a complete view of their security posture in those hybrid environments, Callahan said.
Cloud provider transparency – or lack thereof — has been a continuing cloud computing security issue. “At RSA, what we may see is innovation to help bridge that lack of transparency,” he said.