RSA 2012 has come and gone from the caverns of Moscone, and I’ve had a (short) chance to digest this year’s event, leaving a little more educated and a lot more wary about the risks facing modern IT when it comes to security.
The biggest wake up call? Security expert Bruce Schneier’s timely reminder that outsourcing, whether to India or the Amazon Cloud, has ripple effects on security and privacy, and that right now the trend is to cut costs and complexity – in exchange for control. That’s not necessarily a mistake, particularly for businesses that are rapidly expanding, businesses that were hit hard by the recession, businesses that need to quickly adapt to a mobile landscape, or pretty much any other business that can benefit from the agility the cloud offers. In other words, the cloud offers a little of something to everyone.
But the allure of the Google way, or even the Microsoft Azure or Amazon S3 way, costs something, whether it’s an increased chance a competitor can sneak a peak at your proprietary data, that a government can subpoena your records or simply that you can’t control when and where outages hit home.
With more and more businesses going Google, it’s important for the added or simply changed risks to be discussed and acknowledged. Perhaps that means wrangling some extra encryption on top of what your cloud provider offers, or decided that some material is too sensitive to be part of your business cloud strategy. Sometimes it might mean just acknowledging the risks and being ok with it: As Schneier pointed out, most people are miserable when it comes to security and a lot of cloud services are a step in the right direction.
But whether you cloud or don’t, organizational security continues to become more complex as compliance mandates, Bring Your Own Device policies and changing workplaces all collide: Few of the threats are truly original, but almost all are escalating, with groups like Anonymous and Wikileaks making security breaches more public, if not more prevalent.
All in all, it was a sobering week, but there’s hope: Good work is being done to make cloud services more secure, and companies like Amazon and Google are taking seriously their security responsibilities. Now it’s just up to IT managers to help guide businesses on the major decisions that will impact them.