>> This weeks RSA Security Conference kicked off and brought a few compelling themes but the 2 big topics appeared to securities and service and security spending. I'm joined here by Sam Diaz, Senior Editor at ZDNet and Ryan Naraine our lead Security Blogger. Thanks for being here.
>> Thank you for having me.
>> Thank you.
>> Securities as a service was a big theme at the show this year. Is it all it's cracked up to be?
>> I actually am sort of intrigued by the idea of securities and service. I think for too long we have seen users in charge of things like updates and patches and that sort of thing. I don't know that that's been necessarily effective. I think we put you know our selves and others at risk by doing those sort of things or following that pattern. For example I set in at the MacAfee Keynote at RSA and I'm sort of intrigued about this idea of a central intelligence data base. Someplace where all the you know the latest updates, the latest variants, the various worms, viruses that sort of things are all sort of kept and are pushed out to users as opposed to users having to go and pull them. I sort of like the idea and maybe it's time has come.
>> That makes me queasy. What happens if the cloud gets hacked?
>> Well that's the issue. Securities and services is all great and fun until they inaudible and the cloud gets hacked and no one's talking. I mean we're now in the very late stages of trying to think through how are we securing the cloud? Delivering securities and services is great as Tom said. I totally agree with him. We need to patch foreign users. There's no, the days of relying on end users to secure themselves is dead. We have to do it for them. The cloud is great for that. How are we securing the cloud? Are enterprises going to rush in to put data in a cloud when they don't know what kind of security, what kind of security is built into that infrastructure?
>> I would argue you know that the enterprise you know they should be looking at it I would agree that they should not necessarily rush into it. You know the cloud isn't necessarily secure as we'd like it to be yet but you know I don't think they should rush into it. I think should maybe tip toe and keep, keep their eye on it.
>> Are vendors saying it's cheaper?
>> It's definitely cheaper I mean everyone is in evaluation stages now. Inaudible asking this very question are you, are you rushing to the cloud? Are you evaluating? Everyone is evaluating right now? Sysco's Keynote was all about how great it is for them just putting the back bone together to support the cloud support infrastructure. So I think there are a lot of vendors for the cost benefit are actually rushing into it and I think that's where the real risk is because this is such a differential from like Black Hat. You go to Black Hat and all their talking about is how they're breaking the cloud and I come here and everyone is buying into the cloud. So the whole you know that.
>> So all the victims come to RSA?
>> Correct that's exactly it. Laughter
>> So speaking of the economy and the cloud being cheaper what was your economic vibe this week?
>> It was a very slow conference in a lot of, a lot of grumbles from security software vendors here. They're not hurting in terms of revenues and projections. They're hurting, security is interesting because of compliance issues and so many other things that help security spending it's, it's resistant to the recession but it's not obviously not recession proof. Spending is obviously going to be down but it's not going to be hurt like some other sectors and that's kind of like the theme talking to vendors here.
>> Yeah and I don't think companies can necessarily even admit to reducing spending costs. I mean what you have to spend because of things like compliance issues. You know it really does still remain a necessary spend. Although I will echo what he said about the, the attendance at the show. It was very light. There were plenty of seats in the keynote areas and the you know the people in the booths were doing everything they could to get you intrigued by to come in for a demo you know waving free t-shirts and other free toys in front of you just to sort of come in. It just didn't feel, didn't feel very busy.
>> On even the content side I call it the content less RSA. The keynotes were kind of poor. There was a lot of rehash on the same issues we discussed last year. I mean and we are kind of playing into it. 2 years ago it was all Mac here. Last year it was all DLP and authentication. This year it's all cloud and you just keep repeating the same themes over and over again. Really, really disappointed in the show this year.
>> So we need some breakthroughs?
>> I think we do.
>> Thanks for being here.
>> Thank you for having us.
>> Thank you.
>> For ZDNet I'm Larry Dignan. Thanks for watching.
==== Transcribed by Automatic Sync Technologies ====
