RSA: Security industry begins to offer answers

Important questions loomed over the security industry as the 2011 RSA Conference began this week in San Francisco.

Vendors were charged with earning the trust of businesses on new computing platforms, while trying to answer lingering questions from long-standing threats. All the while, many wondered how the world's embedded infrastructure would withstand a menacing crop of potential attacks.

Over the course of the show, possible solutions began to emerge. Experts presented blueprints for more robust defences, while vendors came forward with platforms that looked to offer security with a new crop of applications.

Cloud computing was the hot topic at RSA in the previous two years, and the 2011 conference was no different. Many entered the show wondering how vendors could overcome the lack of trust that continues to plague mission-critical cloud platforms.

RSA offered the first such solution to the issue. The company pitched a platform under the Cloud Trust Authority banner that could offer a single group of security assurances to support multiple platforms.

HP later sought to improve the cloud security picture by laying out plans for a risk management service that includes components to support cloud-based data as well as the use of mobile devices in the enterprise.

Additionally, experts painted a rosy picture for the security platform designed to protect the DNS system. In a panel discussion, experts including web security researcher Dan Kaminsky gave the nod of approval to the DNSSec system.

While new platforms may offer hope in winning over user trust, old problems threaten to undermine the amount of faith people have in security software.

SSL developer Paul Kocher slammed the continued presence of misleading 'snake oil' security tools, and there were calls for the introduction of universal testing standards.

2011 also saw renewed interest in the malware business. From the opening keynote to the final sessions of the conference, one word was on the lips of every attendee, keynote speaker and booth manager: Stuxnet.

Experts marvelled at the complexity and effectiveness of the worm. Researchers offered explanations for how Stuxnet was able to penetrate nuclear facilities, disable security protections and cause uranium centrifuges to self destruct.