RSA Conference 2012: Cloud Security Alliance launches innovation program, eyes mobile threats and solutions

SAN FRANCISCO — Whether already computing in cloud environments, planning to do so soon, or just thinking about it — how those systems will be kept secure is once again a topic that is front and center here at the third annual Cloud Security Alliance (CSA) summit, held at the RSA Conference.

At this year’s summit, the CSA announced their latest initiatives, which include examining ways to better secure mobile devices through cloud computing, looking at ways to drive more security innovation, and a concerted push into the Asia-Pacific region.

“In the past year, there’s been a dramatic increase in the rise of cloud security awareness,” says Jim Reavis, co-founder and executive director of the CSA. “I think there’s a sense around the world of a bigger push of cloud adoption, and we want to help prepare the industry for this move.”

The effort, announced today, perhaps with the broadest impact, is the CSA’s Innovation Initiative. According to the CSA, the open market has produced inadequate information security for cloud computing. Too many security “solutions” have been developed by a highly inefficient system of investors more interested in developing technologies that just manage the problems enterprises face, not actually solve them, the organizers contend. With this push, the group hopes to identify key structural issues related to trust and security that inhibit the adoption of next-generation information technology and incubate technology solutions that address systemic cloud computing security gaps the group has identified.

“Not everyone agrees, but I feel that what we have developed is an internet that the bad guys own and they let us use it and the venture capitalists have looked for ways to profit as opposed to solving [issues],” says Reaves. “I think there’s a market failure there.”

The initiative will comprise both a working group within the CSA, as well as a forprofit entity working with innovators and other stakeholders. Those “innovators” can develop relevant solutions with or without CSA assistance, and then request that the CSA working group assess the solution and its potential value.

Another significant push this year is the CSA’s mobile computing initiative. “Personally owned mobile devices are increasingly being used to access employer’s systems and clouds of mobile devices are likely to be common,” says Reavis. The CSA Mobile working group will conduct fundamental research to help secure mobile endpoint computing by using cloud technologies.

Some of those areas will include: securing application stores and other public entities deploying software to mobile devices, cloud-based mobile management, provisioning, policy and data management of mobile devices.

A third initiative is an international push into the Asia-Pacific, including the selection of an Asian-Pacific headquarters, and working closely with government, legal, service providers, technology providers and consumers and other stakeholders in the region. “CSA has largely been viewed as being North American centric, but cloud computing is a global phenomenon that requires global solutions,” says Reavis.

George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter at @georgevhulme.