Rob Whiteley

That was honestly a question at our recent Security Forum. During every keynote, we collect questions from the audience, and one of the attendees took the time to write down: “Can you please have someone from the hotel staff come and inform us of the evacuation plan. Specifically, where are all the emergency exits?”

I love putting on these events. I mean, seriously, only at a security and risk management conference do you get people worried about emergency evacuation plans.

But it did get me thinking and I asked myself: What are the best and worst audience questions from the forum? The event was based on the three shifts we see reshaping the security and risk management landscape in 2010. So I culled through the 78 unanswered question cards we rounded up from our eight keynotes. Here’s a quick breakdown of what was on our security execs’ minds:

App security: 2
Data security: 3
General information risk: 3
Social media security: 4
General threats and exploits: 6
Security talent and staffing: 7
Outsourcing: 9
Cloud computing: 14

Right off the bat you can see that cloud computing and IT consumerization (BYOPC = bring your own computer, a popular trend as employees are demanding they use their personal machines in the workplace). But it’s important to note that a) this is not a very statistically valid sample size; and b) the questions are biased based on the topics we introduced in our keynotes. So please, no comments about how this is not representative of the market. But still… twice as many questions on IT consumerization? That’s definitely one of the bigger shifts.

So with that said, here are some of the more… interesting… questions we had:

“All of this hubbub about the cloud… 'The cloud' isn’t NEW. The TERMINOLOGY is new, but the concept and the reality is NOT. ASP anybody!?! Why did we wait 10 years to deal with and think about problems which aren’t new with a delivery mechanism that isn’t new?”

“Are people more inclined to misbehave via the Internet or in person?”

As you can tell, there are always a few spoilers. But there were some good questions in there as well. My personal favorites based on the event theme are:

“What non-standard risks are you exposed to in a cloud environment if your data is strongly encrypted and you have well-defined access controls?”

“Given consumerization and Web 2.0 adoption, is there an emerging role for a central authority in inter-company collaboration? A particular vendor or organization to act as a trusted broker?”

“In the BYOPC environment, how is it any different if an employee goes to an illicit website on his own machine versus a corporate machine? Isn’t it just an HR issue regardless?”

“Is it true that joining the cloud increases risks by subjecting your data to the combined risk of everyone in the cloud? Because there’s a direct analogue to maritime insurance, which encouraged increased trade by sharing the risk. So the question is, what’s the tipping point to make the cloud worth the shared risk?”

You’ll see that we’ll weave the answers to these questions into our blog and written research over the coming months. But in the meantime, I ask that you keep them coming! Let us know what questions are on your mind so we can continue the dialog. Unless you just want to know where the emergency exits are. There’s a plaque near the elevator for that.