Surveying the show floor at RSA Conference last week, the largest security software conference, Michelle Rhinds noted traffic has increased. “We’re seeing about a 20% increase in foot traffic on the expo floor, which means more people are talking to exhibitors about their security software offerings,” she said.

1. Sharp Increase in Cloud Data Security Concerns at RSA 2014
Surveying the show floor at RSA Conference last week, the largest security software
conference, Michelle Rhinds noted traffic has increased. “We’re seeing about a 20%
increase in foot traffic on the expo floor, which means more people are talking to
exhibitors about their security software offerings,” she said.
One of the biggest drivers of the increased focus on cloud data security at RSA is the
NSA revelations by Edward Snowden last year. One of the programs contained in leaked
documents obtained through the Snowden sought to place security vulnerabilities in
commercial encryption software, so called “back doors” that would allow the NSA to
decrypt data much more easily to perform surveillance.
RSA itself has come under fire due to allegations the company added backdoors into its
popular commercial encryption software, receiving payments of $10 million from the
NSA in exchange for adding the vulnerabilities.
Another topic at the show this year is cloud usage by employees, so-called Shadow IT.
Shadow IT is an opportunity for the CIO and IT organization. Consider this fact:
employees are voting with their feet by choosing to adopt technology that helps them be
more productive and grow the business. In a sense, they’re crowdsourcing the selection
process for new technology and providing a valuable service to the IT department.
Instead of going through a lengthy procurement process that may end up selecting a
technology that doesn’t work for the business, IT has an opportunity to partner with the
business to enable and secure the cloud services already in use.
Once your company has visibility into what cloud services are in use and understands the
enterprise-readiness of those services, you can enable the ones that make sense. Enabling
services is about more than buying them for employees. Enablement involves using data
on usage to shepherd employees onto low-risk providers, consolidating subscriptions
using enterprise volume licenses, and responding proactively to enterprise needs not
currently being delivered by IT.

2. “Ensuring cloud data security involves more than just secure encryption,” says Rhinds.
She says large corporate clients are beginning to look at developing cloud adoption
programs that systematize often ad hoc cloud responses and implementing a repeatable
business process for cloud adoption and risk, IT can manage this transition like any other
standard business process.
The activities she suggests serve as a foundation for incorporating cloud practices into
existing IT programs. Rather than a one-time project, it requires continuous work to
iteratively improve over time. By partnering with the business to achieve common goals,
IT can be a driver of the cloud and ensure its adoption creates real business value without
introducing an unacceptable level of cloud data security risks.