Cloud maturity seen in expanding enterprise security focus

The RSA Conference will kick off next week with the Cloud Security Alliance Summit, which examines issues from identity, to mobile to national security.
Written by John Fontana, Contributor

The seemingly unstoppable spread of cloud technology across the globe and across vertical industries is finally pushing enterprises to focus on security from multiple angles including identity management, mobile devices, and big data, according to the Cloud Security Alliance (CSA).

Those themes and topics will take center stage at next week's RSA Conference, when the CSA, which now has nearly 45,000 members, hosts its annual Summit on the first day of the conference.

"Our theme is the growing maturity of the cloud, the growth in lessons learned and of enterprise adoption of cloud," said Jim Reavis, executive director of CSA, which got its start at the RSA Conference in 2009.

Mark Weatherford, deputy undersecretary for cybersecurity at the Department of Homeland Security will examine national security and the cloud in his opening keynote. His appearance comes on the heels of President Obama's executive order on cybersecruity.

The discussion represents a relatively new topic area for CSA.

"The focus is not from the top down," says Reavis. "We are starting at the grass roots, what are people seeing out there at a time when there is so much adoption of mobility and cloud services. We are interested in understanding the unintended national security issues that arise."

Reavis says CSA also is in the process of developing its Trusted Cloud Initiative (TCI) version 2, which has evolved into an overall enterprise architecture view for adopting multiple clouds in a hybrid model. He said large enterprises are using TCI as a blue print to adopt cloud services.

"We thought TCI would be focused on identity, but it covers a lot of other areas," said Reavis. "It is an identity-driven architecture. Identity drives so much around an enterprise being able to adopt cloud, but it doesn't stop there. You have business architecture, ITIL service management, SLAs, it's all part of the cloud experience."

And he says enterprises are realizing their directory assets are strategic and need to be leveraged in the cloud.

"When we talk to innovators in Silicon Valley, they say it is table stakes that they have a partnership with an identity company or that they build enough of the enabling technology to federate," said Reavis. "They have to think about the cloud services they are providing and not just fitting in, but taking advantage of leading edge practices with identity management."

Another forcing function is mobile. The CSA Summit will feature a panel entitled "Mobile Security Insights" with experts from Vordel, Fiberlink, Veracode and Ping Identity (disclaimer: my employer). The discussion will include a look at security innovations around such things as APIs and standards such as OAtuh.

A second panel, "Managing Enterprise Global Security in an era of Hybrid Cloud and Smart Mobile” will feature experts from CSA, CA, NetIQ, Qualys and Zscaler that will look at key risks, legal issues, compliance and emerging security architectures.

"We see enterprises struggling with mobile polices that they think are most realistic in terms of achieving compromise between protecting the enterprise and enabling the workforce," said Reavis. CSA has developed guidance such as essential features of mobile device management and templates for BYOD policies.

"We are seeing companies that are forcing VPN usage to inspect traffic but that is not sustainable. We are at a fairly primitive level of implementation and of understanding what are the best ways to protect mobile in the enterprise."

And Reavis says it only gets more complicated when you view mobile devices as the first wave of defining an Internet of Things, which will be another topic at the CSA Summit.

CSA also plans to highlight its evolution around the globe, including plans to expand its reach into Central America. " You see government's playing a role in cloud adoption with their cloud strategies just like we saw with Vivek Kundra (former U.S. CIO) a few years back," said Reavis.

CSA also plans to announce a Provider Certification Program coming this year and lay out plans for a Legal Information Center to provide information, as opposed to policy or advocacy, on laws and legal issues around the globe that impact cloud adoption.

The Summit will wrap up with a talk by James Robinson III, co-founder and general partner at RRE Ventures, on Tech Innovation, Macroeconomics and the Future Security Mandate." Robinson, a well-known figure on Wall Street the former CEO of American Express, will focus on future technology innovation, corporate utilization of IT and global economic trends that will impact security professionals.

Editorial standards