Subscribe to the RSA blogs and podcasts for the latest posts and security updates!
At the European Identity and Cloud (EIC) Conference 2012 last week, I finally got what Craig Burton has been saying for some time now: “Baking your core competency into an open API is an economic imperative.” What brought it home for me was the presentation by 3Scale’s Steven Willmott, focusing on what he called “turning [...]
Last week my colleague Matthew Gardiner and I, along with Kim Cameron of Microsoft and Edwin van der Wal of Everett Consulting, presented a panel on “Security Intelligence and IAM” at the European Identity and Cloud Conference in Münich. Prompted by questions from our moderator, Dr. Horst Walther, we had a lively discussion about the [...]
Proving that physical and virtual infrastructure of the cloud can be trusted can be prohibitively difficult, especially when it comes to cloud services from external service providers. Verifying secure conditions in the foundations of the cloud is important for a simple reason: If organizations can’t trust the safety of their computing infrastructure, the security of all the information, applications and services running on top of that falls into doubt.
Most of my friends and colleagues know that I like to cook so I will be doing a series of “recipes” in the next few weeks to address some of the key challenges based on conversations I am having with major organizations. So, to get started, here is part 1 on Creating a Trusted Cloud.
Recently we addressed passwords and their contribution to the people security problem. At the end of the post, I asked what we could change to take weak passwords out of the equation. If having passwords is a requirement to doing business, what things could we add to the mix that might be able to reduce the risk of using them?
I was at the Gartner IAM Summit in London last week and had the chance to catch up with Robin Wilton, including attending his session on “High Identity Assurance in a Mobile World”. It was a great presentation, full of interesting ideas and insights. I was particularly struck by Robin’s discussion of personas, especially in the light of the keynote panel discussion of “the death of authentication” the day before.
At RSA, we have a legacy of authentication innovation from multifactor to risk-based, heuristic authentication. We challenged ourselves with “What’s Next?” As an industry we continue to conceive more usable yet stronger authentication but we have a bigger mandate to meet a need that has gone unmet for a long time.
In Securing Enterprise Use of Mobile Devices, I wrote about my participation as a panelist in the “Mobile Security Show”, aired on the AT&T video channel in November 2011. We talked about a lot of things, from the drivers behind bring-your-own-device strategies to the technologies supporting enterprise security for personal devices and the policy implications, for enterprises and society as a whole, for the privacy of individual and enterprise information. Towards the end of the evening, we got into a discussion of whether homogeneous technical environments are more risky than heterogeneous ones. Ed Amoroso, the CSO of AT&T, had particularly interesting thoughts on the complexity of this issue for IT departments, ending with the remark: “Count me in as favoring the diverse ecosystem.”
The problem that RSA and Zscaler are taking on is a fundamental one for the new dynamic of user interaction with enterprise information. User access increasingly comes from outside corporate networks, using devices not controlled by the enterprise IT teams. Connectivity with IT systems is increasingly in short duration bursts and employs many different approaches: HTTPS, VPNs, VDI. The security posture of the user device changes continuously as the user accesses different resources from different locations, and I don’t mean just between home and office, or between different cities as we travel. It’s being connected via our home wireless at 8 a.m, via the office LAN at 9, the Starbucks wireless at 10 and so on. We are all out in the cloud a lot of the time!
Over the past 6+ years at RSA I’ve seen a lot of changes at RSA from acquisitions to new product launches to the dreaded “end of life” of a product. I’ve seen the group I originally start in grow from less than a dozen people to one of the largest segments of the company. I’ve [...]
