RSA Report: Cloud Security, Protection, Remains Hot

For the second year in a row, the security minds at the RSA Conference were fixated on cloud security. Crowds on the expo floor flocked around vendors  such as Zscaler presenting their take on what it means to secure the crowd and long lines snaked through Moscone corridors in anticipation of talks such as "Cloud  Computing: A Brave New World for Security and Privacy" or "Trends in Security Delivery Models: Cloudy Skies Ahead?"

So what has the difference been in this year’s agenda versus last year? According to Rob Ayoub, analyst with Burton Group, this 2011 focus on cloud protection seems a little more substantial.

"I think we got over that initial shock about ‘Oh my God , the cloud is coming,’" Ayoub said, "So now there really is a much greater emphasis on education of what cloud means. I think this year the professionals are looking for a lot more details around solutions; how does this really work in practice, how will this work in my institution?"

Ayoub’s sentiment was echoed by Art Coviello during the RSA company chief’s keynote to kick off the show. Coviello said that his repeated keynote theme of cloud security is not going to be like the re-hashing he and other industry experts did around public key encryption (PKI) back in the day.

"Last year my keynote was about the promise. This year it’s about the proof.

"The promise is that you can achieve safety in the cloud. The promise is that we can fundamentally do security differently and better," Coviello said. "The proof comes when, by leveraging virtualization technology, we demonstrate better control and visibility, the key elements of trust, in cloud environments."

As he explains, the industry is already in the midst of an IT transformation, where investments are focused less on infrastructure issues and more on using information to solve business problems.

"But in any of these transformations the goal of security remains the same ‐ getting the right information to the right people over a trusted infrastructure in a system that can be governed and managed," he said. "But independent of this transformation to cloud we’re seeing an enormous amount of change across the dimensions of information, identities and infrastructure ‐‐ creating a nightmare of control problems and visibility issues; the antithesis of trust."

Vendors are hoping to wake the industry from that nightmare with a spate of new products and industry alliances coming out of the RSA Conference–many of them geared toward the channel.

For its part, RSA and its fellow EMC company, VMWare, announced the forthcoming Project Horizon, a cloud-based management identity management service. Similarly, CA  is keeping the cloud focus on identity with a refresh of its Advanced Authentication Cloud Service that added tagless device identification, mobile authentication, and better integration with SiteMinder.

As an integral part of the shift to the cloud, virtualization security has gotten some much needed attention from the larger players, as evidenced by some of last week announcements. For example, HP announced that it is commencing work with VMware to improve integration with its TippingPoint intrusion prevention system (IPS) solutions for VMware vSphere-based environments to improve security management capabilities within the cloud.

According to Coviello, we’ll expect to see more of these types of announcements, as the industry has reached an inflection point.

"In the near future, trusted clouds will employ predictive analytics based on their understanding of normal states, user behaviors and transaction patterns to spot high‐risk events and allow organizations to proactively adapt defenses," Coviello said. "Adopting these principles enables a heightened level of control and visibility that will lead to trust. While I’ve advocated for these principles in the past, we are now at an inflection point where they are being applied in solutions arriving in the market place."