RSA 2011 shows familiar problems elude solutions

The security world descends on San Francisco this week for the annual RSA Conference. Arguably the biggest show of the year for enterprise IT, the conference brings together vendors from all over the world to discuss the latest security developments and the best methods of dealing with current threats and new challenges.

In theory, the topics at RSA are always evolving. New challenges are met and every year new breakthroughs are made to deal with the problems of the previous year.

This year, however, the rhetoric at RSA may sound awfully familiar. Going into the latest schedule of the conference, the questions of 2011 look much like those of 2010. Many of the challenges of the past year have not been solved.

For enterprises, questions remain about the future of cloud computing and how data will be kept secure. While many non-critical business applications have made the leap to web-based services, core applications and sensitive data have not.

The issue is largely one of perception. Many companies simply do not trust third-party services to host information that is essential for day-to-day business operations. Furthermore, companies are hesitant to hand over private information and personal data to servers that are, in some cases, located out of the country.

Cloud computing was the central focus at the 2010 RSA Conference for many of the keynote addresses and conference tracks. Executives from some of the biggest names in the industry pledged to put their weight behind securing cloud services, and to convince companies that the technology was ready to handle mission-critical workloads.

As the year progressed, however, many of those questions remained unanswered. While cloud computing has grown, more than a few areas have security question marks over them, and businesses don't seem any more convinced that cloud plat forms will be as secure as on-premise solutions.

Studies from major research groups and large vendors all seem to reach the same conclusion. Companies are no more confident about the security prospects for cloud computing than they were a year ago.

If the 2010 RSA show was about setting out to build trust in cloud services, security vendors seem to have fallen woefully short of that goal. 2011 will need to be less about outlining the worries over cloud computing and more about how those fears will be addressed in the coming year.

Security in cloud services may not be the only sector where the 2011 RSA Conference feels familiar. Securing public infrastructure looks to be just as big an issue this year as it was in the 2010 show, when the Operation Aurora attacks were fresh on the minds of just about every attendee.

The security of government sites remained an issue over the course of 2011, and it became apparent that a catastrophic cyber attack on government infrastructure is far more feasible than most people think.