Subscribe to the RSA blogs and podcasts for the latest posts and security updates!
At the European Identity and Cloud (EIC) Conference 2012 last week, I finally got what Craig Burton has been saying for some time now: “Baking your core competency into an open API is an economic imperative.” What brought it home for me was the presentation by 3Scale’s Steven Willmott, focusing on what he called “turning [...]
Intel recently announced the Intel Xeon Processor Series that helps enable comprehensive and verifiable security and compliance in cloud environments. With these technologies Intel is providing a foundation to make cloud deployments suitable for increasingly sensitive workloads.
Last week my colleague Matthew Gardiner and I, along with Kim Cameron of Microsoft and Edwin van der Wal of Everett Consulting, presented a panel on “Security Intelligence and IAM” at the European Identity and Cloud Conference in Münich. Prompted by questions from our moderator, Dr. Horst Walther, we had a lively discussion about the [...]
Proving that physical and virtual infrastructure of the cloud can be trusted can be prohibitively difficult, especially when it comes to cloud services from external service providers. Verifying secure conditions in the foundations of the cloud is important for a simple reason: If organizations can’t trust the safety of their computing infrastructure, the security of all the information, applications and services running on top of that falls into doubt.
Most of my friends and colleagues know that I like to cook so I will be doing a series of “recipes” in the next few weeks to address some of the key challenges based on conversations I am having with major organizations. So, to get started, here is part 1 on Creating a Trusted Cloud.
Earlier this week I was at MIT Media Labs for a meeting with my colleagues in EMC technical leadership. While we there, we took a tour of the Media Labs, including talking with a couple of grad students and professors. One the projects we were introduced to is called Place Pulse, “a website that allows anybody to quickly run a perception study and visualize the results in powerful ways”. It was interesting from a lot of perspectives: as an investigation of perceptual clues we use in making decisions; as an exploration of visualization techniques; and as a model both for generating and for analyzing Big Data.
At RSA, we have a legacy of authentication innovation from multifactor to risk-based, heuristic authentication. We challenged ourselves with “What’s Next?” As an industry we continue to conceive more usable yet stronger authentication but we have a bigger mandate to meet a need that has gone unmet for a long time.
Today’s security standards are based on historical, legacy information technologies and don’t necessarily address Cloud Computing environments in an effective manner. Attempts to update them are an improvement, but will be able to create a single or limited number of standards that will be viable across all borders and jurisdictions. So, it’s no surprise that the Cloud Security Alliance Summit at RSA Conference had a panel discussion on this topic. The panelists were Marc Crandall from Google, Baber Amin from CA, Christ Wysopal form Veracode and Ashvin Kamaraju from Vormetric.
The problem that RSA and Zscaler are taking on is a fundamental one for the new dynamic of user interaction with enterprise information. User access increasingly comes from outside corporate networks, using devices not controlled by the enterprise IT teams. Connectivity with IT systems is increasingly in short duration bursts and employs many different approaches: HTTPS, VPNs, VDI. The security posture of the user device changes continuously as the user accesses different resources from different locations, and I don’t mean just between home and office, or between different cities as we travel. It’s being connected via our home wireless at 8 a.m, via the office LAN at 9, the Starbucks wireless at 10 and so on. We are all out in the cloud a lot of the time!
Last week, Atos, VMWare and EMC announced the creation of a new company, Canopy, dedicated to providing cloud services. One of the best things about this announcement, from my point of view, is knowing that for Canopy, security is no afterthought. This time, it’s part of the DNA. You may have heard of Atos as [...]
