Follow this blog:: RSS; Email Alert

TR Dojo

Video: Rushing into the cloud may create a security nightmare

May 5, 2009, 7:43 AM PDT

Takeaway: Security-as-a-service was the big theme at the 2009 RSA Conference. But rushing into the cloud may create a security nightmare. What happens if the cloud gets hacked?

April 24, 2009, 11:36 AM PDT | Length:00:04:26

View Transcript

Security-as-a-service was the big theme at this year’s RSA Conference in San Francisco. But companies rushing to cloud may be creating a security nightmare. ZDNet Editor in Chief Larry Dignan talks with Senior Editor Sam Diaz, and security blogger Ryan Naraine about how companies are securing the cloud and what happens if the cloud “gets hacked.” They also discuss whether companies are spending on security in light of the current economic climate.

Are current security measures sufficient for your company to move into the cloud?

Get IT Tips, news, and reviews delivered directly to your inbox by subscribing to TechRepublic’s free newsletters.

About Bill Detwiler

Bill Detwiler is Head Technology Editor of TechRepublic. Previously, he worked as a Support Tech and IT Manager in the social research and energy industries.

Full Bio
Disclosure
Contact

Transcript

>> This weeks RSA Security Conference kicked off and brought a few compelling themes but the 2 big topics appeared to securities and service and security spending. I'm joined here by Sam Diaz, Senior Editor at ZDNet and Ryan Naraine our lead Security Blogger. Thanks for being here.

>> Thank you for having me.

>> Thank you.

>> Securities as a service was a big theme at the show this year. Is it all it's cracked up to be?

>> I actually am sort of intrigued by the idea of securities and service. I think for too long we have seen users in charge of things like updates and patches and that sort of thing. I don't know that that's been necessarily effective. I think we put you know our selves and others at risk by doing those sort of things or following that pattern. For example I set in at the MacAfee Keynote at RSA and I'm sort of intrigued about this idea of a central intelligence data base. Someplace where all the you know the latest updates, the latest variants, the various worms, viruses that sort of things are all sort of kept and are pushed out to users as opposed to users having to go and pull them. I sort of like the idea and maybe it's time has come.

>> That makes me queasy. What happens if the cloud gets hacked?

>> Well that's the issue. Securities and services is all great and fun until they inaudible and the cloud gets hacked and no one's talking. I mean we're now in the very late stages of trying to think through how are we securing the cloud? Delivering securities and services is great as Tom said. I totally agree with him. We need to patch foreign users. There's no, the days of relying on end users to secure themselves is dead. We have to do it for them. The cloud is great for that. How are we securing the cloud? Are enterprises going to rush in to put data in a cloud when they don't know what kind of security, what kind of security is built into that infrastructure?

>> I would argue you know that the enterprise you know they should be looking at it I would agree that they should not necessarily rush into it. You know the cloud isn't necessarily secure as we'd like it to be yet but you know I don't think they should rush into it. I think should maybe tip toe and keep, keep their eye on it.

>> Are vendors saying it's cheaper?

>> It's definitely cheaper I mean everyone is in evaluation stages now. Inaudible asking this very question are you, are you rushing to the cloud? Are you evaluating? Everyone is evaluating right now? Sysco's Keynote was all about how great it is for them just putting the back bone together to support the cloud support infrastructure. So I think there are a lot of vendors for the cost benefit are actually rushing into it and I think that's where the real risk is because this is such a differential from like Black Hat. You go to Black Hat and all their talking about is how they're breaking the cloud and I come here and everyone is buying into the cloud. So the whole you know that.

>> So all the victims come to RSA?

>> Correct that's exactly it. Laughter

>> So speaking of the economy and the cloud being cheaper what was your economic vibe this week?

>> It was a very slow conference in a lot of, a lot of grumbles from security software vendors here. They're not hurting in terms of revenues and projections. They're hurting, security is interesting because of compliance issues and so many other things that help security spending it's, it's resistant to the recession but it's not obviously not recession proof. Spending is obviously going to be down but it's not going to be hurt like some other sectors and that's kind of like the theme talking to vendors here.

>> Yeah and I don't think companies can necessarily even admit to reducing spending costs. I mean what you have to spend because of things like compliance issues. You know it really does still remain a necessary spend. Although I will echo what he said about the, the attendance at the show. It was very light. There were plenty of seats in the keynote areas and the you know the people in the booths were doing everything they could to get you intrigued by to come in for a demo you know waving free t-shirts and other free toys in front of you just to sort of come in. It just didn't feel, didn't feel very busy.

>> On even the content side I call it the content less RSA. The keynotes were kind of poor. There was a lot of rehash on the same issues we discussed last year. I mean and we are kind of playing into it. 2 years ago it was all Mac here. Last year it was all DLP and authentication. This year it's all cloud and you just keep repeating the same themes over and over again. Really, really disappointed in the show this year.

>> So we need some breakthroughs?

>> I think we do.

>> Thanks for being here.

>> Thank you for having us.

>> Thank you.

>> For ZDNet I'm Larry Dignan. Thanks for watching.

==== Transcribed by Automatic Sync Technologies ====

Poll: What percentage of the Macs you support run Windows through dual boot or virtualization?

Dojo tops TechRepublic's thumbs up list

People who read this...

Poll: Are current security measures sufficient for your company to move into the cloud?

Comments

Add Your Opinion

Join the conversation!

Follow via:: RSS; Email Alert

See All Comments

Staff Picks
Top Rated
Most Recent
My Contacts

No messages found

0 Votes

+ -

I think everyone is ignoring the important security

Deadly Ernest 5th Jun 2009

aspects of the cloud. We can make it safe to work in the cloud ONLY when we control all connections to the cloud. Thus a local cloud behind your corporate firewall does make sense, but not trying to do important business across the Internet cloud itself, that's deadly to your business in any time terms. Such a set is in violation of a number of legislated security and privacy requirements too.

I'm concerned about Sam's comments on moving to a centralised common update centre. throw your mind back several years to what was being touted by Wintel when they wanted to push their Palladium Concept. One update centre that checked if ALL your software met the legit licence requirements before it gave you any updates. Any hiccup with one and you're screwed on all was the basic concept.

One also wonders about the basic levels of security for any software that needs to be updated so frequently.

I think all lot more needs to be done right across the board in the security arena before corporate cloud computing outside the corporate domain will be viable.

View in thread

0 Votes

+ -

RE: Video: Rushing into the cloud may create a security nightmare

rayanch 5th Jun 2009

i believe because i was in wireless internet security process and have followed the same guidelines. This one really help.

View in thread

0 Votes

+ -

What happens when...

eHC1019 15th May 2009

This may be off-base for this post, but I had a thought the other day when watching the local news.

The news report was about a local company being investigated for something and the FBI came in a took all the computer equipment out for evidence.

This got me to thinking about something. Ok, your apps, your data, heck, even your virtual OS is on someones else units. And they get in some sort of situation with the law. Now all your stuff goes by-by with the law. And even though you have nothing to do with any of this, your data is pried into anyways. Not to mention all the other parts of the nightmare!

Just a thought - and yes - maybe I am being too simplistic about it all.

View in thread

Once logged in, adding contacts is simple. Just mouse over any member's photo or click any member's name then click the "Follow" button. You can easily manage your contacts within your account contacts page.

See all comments