Two of the big take-aways from the RSA Conference last week:
1) Cloud computing (in all its forms) presents substantial new challenges to an organization's data security and risk management plans. A speaker in one of the sessions made an interesting point (sorry, I don't have the speaker's name in my notes): organizationally, we've been through a similar sea change before: when PCs invaded businesses roughly 25 years ago, and the data that had been carefully kept in a centralized computing infrastructure spread out into the personally-managed, unsecured personal computers. Like it was "easy" for employees to bring personal computers into an organization, now it is "easy" for employees to sign up for cloud computing services and start storing protected information outside the organization's control.
We need better ways for organizations to know where in the cloud its information resides, who is putting the data into the cloud, who is accessing the data, and manage the risk of that information.
2) Cloud computing offers very handy new ways to deliver security functionality to customers. Web application firewalls, data loss prevention, email anti-virus and anti-spam, and other technologies provided as cloud services offer convenient new capabilities for customers, and new market opportunities for providers.
As a result, I think that delivering security functionality as cloud services will help make it easier to provide security for mobile devices, particularly laptops at this point. I hope we can drive smart phones and tablets towards better security through cloud offerings as well.
No comments:
Post a Comment