Cloud Security: Key Discussion Topic at RSA 2011 and Beyond

It’s pretty hard these days to do a Google News search on the topic of “application security” and not run into hundreds of stories about cloud security.   As the RSA 2011 news cycle starts to heat up, the topic of cloud security is hard to miss.

Jon Oltsik, Principal Analyst at Enterprise Strategy Group and Network World columnist, believes the RSA PR machine (mainly fueled by security vendors) is overhyping the topic of cloud security.  Oltsik believes that evolving threats, security management, identity and security controls should rival cloud security as priority areas on the RSA 2011 agenda and deserve equal time from the media.

Conversely, from a government agency perspective, cloud security is emerging as a top priority.  Federal CIO Vivek Kundra mandated that all agencies adopt a ‘cloud first strategy’ in 2011.   This mandate will drive more content and demand to cloud based architectures.

While Olstik brings up a valid point in not forgetting about other key areas of security, cloud security will become a major issue (not only) for government and businesses, but for any organization that hosts key data or applications outside of the enterprise.

And, the definition of cloud security is so huge that it encompasses everything from merchant payment processes being outsourced to companies with distributed employees using web-based applications to share information.

Yes, cloud-based applications are highly cost effective and easy to manage and implement.  However, the price of entry can be a devastating breach that compromises vital customer or employee data – a steep price to pay.  That being said, most of the security concerns affecting Internet applications will still be the responsibility of the application owner/developer, not the cloud service provider.

Stay tuned for more posts from AsTech Consulting on steps that organizations could take to truly secure their cloud-based applications.

About the Author:

Greg Reber is the founder and CEO of AsTech Consulting. Since 1997, AsTech has helped Fortune 1000 companies meet the challenge of securing their information assets. In 2001, AsTech was among the first to see the emerging threat posed by customer-facing Internet applications and developed an application vulnerability assessment solution which has continuously evolved to meet today’s threat environment head-on..