Two words -- cloud security -- dominated discussion and drove the action this week at RSA Conference 2009.
Throughout the event, attendees -- who seemed to number fewer than in recent years -- were warned of a broad spectrum of potential danger areas from cloud computing services, including data loss and integrity, compliance, liability, reliability, authentication and information life-cycle management.
Cloud security clearly lags, experts said, advising that until it catches up, businesses need to understand the dangers, weigh them against the corporate benefits and exercise aggressive risk management.
But there are promises of help from vendors whose RSA announcements were tailored to address some of the cited cloud shortcomings. Cisco, for instance, announced a cloud-based security service that pulls threat data from around the Internet and pushes it to users.
This is similar to an approach touted at the show by Trend Micro ahead of a formal announcement coming next month. Its OfficeScan client-server suite relies on servers in Trend's network to check the reputations of files, Web content and e-mail rather than relying on desktop protection, which may not be up-to-date.
Similarly, McAfee's CEO Dave DeWalt during his keynote address announced his company's road map toward predictive security, cloud-based sharing of threat intelligence among different categories of security devices to find and block malicious activity sooner than traditional methods.
Network services provider Savvis launched a Web application firewall service based on a choice of Imperva WAF appliances or virtual instances of its software that reside between the Internet and its network. Savvis said it thinks customers comfortable with its software-as-a-service offerings will also embrace cloud-based security.
Arthur Coviello, president of conference sponsor RSA, said that his company's cooperation with Cisco and Microsoft will result in common language to enable the sharing of intelligence about data-loss threats in the cloud as well as within corporate networks.