Cloud security stokes concerns at RSA

Businesses are adopting public cloud services despite numerous risks

Nevertheless, defensive measures lag far behind the known vulnerabilities of public cloud computing services, according to customer-driven groups trying to deal with the problems.

During RSA, two major cloud-security groups -- one primarily based in the United States and one European -- informally joined forces to pressure vendors to do more.

The Cloud Security Alliance (CSA) used the show as a platform to launch its efforts to standardize security for cloud computing with the release of its "Security Guidance for Critical Areas of Focus in Cloud Computing", an 83-page document detailing 15 areas of security concern.

Later that same day, the Europe-based group Jericho Forum served up an outline of threats it perceives.

Chris Hoff, a security consultant who wrote the architecture section of the CSA paper, shuttled from that group's launch over to the Jericho Forum event to support its effort, which he says overlaps very closely with that of CSA. "Your concepts make sense," he said.

The groups, which tout members that include large corporations such as Eli Lilly, eBay and ING, need to use their influence as major customers to demand products that address cloud threats, Hoff said. "It's the large end-user organizations that will drive it," he said of the cloud-security standardization push.

Plenty of standards are needed, at least judging from the 15 cloud-security conference sessions dedicated to discussing them, but that isn't slowing the adoption of public cloud services, according to experts at RSA.

In fact, widespread adoption of cloud computing services is unstoppably underway, according to a Deloitte-Ponemon Institute survey released at RSA. Nearly 45% of respondents already buy cloud computing services and 22% say they are considering them, according to the survey. "Outsourced cloud is here," said Rena Mears, partner and leader with Deloitte's security and privacy services, who spoke during a conference session.

The downside is that most businesses have no plan for checking whether their cloud service provides the security it promises, she said. That leaves the customer with uncertain security but still stuck with any liability should private customer data be compromised.

Businesses are signing up for cloud services without scrutinizing the contract terms written by providers, said Randy Sabett, a privacy attorney with the firm Sonnenschein Nath & Rosenthal. "There is a shift in how businesses are striking a balance," he said. "What do we weigh more, cost savings or legal liability? They are deemphasizing the risk."
