Enterprise Security

Why the Public Cloud Shuns Security

Did I just use a tactic to get you to click on this? Maybe. It sure is a punchy headline. I bet it stirs up some emotion on both sides of the transaction: cloud providers that are tired of working with auditors and security professionals that are tired of explaining to business analysts why regulated data can’t live inside a public cloud.

The Challenge of Cooperation

Over the weekend, three stories crossed my desk that got me thinking about the challenge that Art Coviello issued to the security industry in his RSA Conference 2012 keynote: to forge a “collective resolve” to stand together against “a host of adversaries who threaten our very trust in the world’s digital economy”. The first of [...]

Turning Your Organization Inside-Out: Security and the Open API Economy

At the European Identity and Cloud (EIC) Conference 2012 last week, I finally got what Craig Burton has been saying for some time now: “Baking your core competency into an open API is an economic imperative.” What brought it home for me was the presentation by 3Scale’s Steven Willmott, focusing on what he called “turning [...]

How to Best Equip Your Security Program

We have seen action movies where the protagonist, stripped of his weapon, manages to find some everyday item like a stick or pen and disarm several baddies, rescue the hostages, and disable the imminent threat to mankind. We accept this premise because it happens every day; ingenuity, experience, and persistence often overcome the lack of a specific tool. We, as 21st-century professionals, leverage these skills and the resources at hand to overcome the daily crises and defeat evil (or save a file that has accidentally been deleted). Cue the heroic background music…

Time to Change the Game Plan on DLP

I was at a customer event recently and was party to a discussion on the ‘disappointment’ or disillusionment in deploying Data Loss Prevention, and comments like ‘well, it just doesn’t do what it’s supposed to do’ or ‘it’s too tricky to deploy’. Well, the truth is DLP technology is not something that comes off the shelf in a one-size-fits-all package. Here are the things DLP is not going to do for you:

Big Votes in the House on Cyber Security Legislation

When the House Republican Cybersecurity Task Force released its recommendations last October, U.S. Representative Mac Thornberry (R-TX), the Chairman of the Task Force, said that the time had come for the U.S. Congress to act on cyber security legislation. In a blog post on October 11th, 2011, he stated: “We simply cannot allow legislative gridlock to continue on this issue. And we cannot let the quest for the perfect cyber bill prevent a good one from passing.”

Big Data vs Social Engineering

Some of the discussions we are having over here are brain-wrinklers! I was speaking with some colleagues yesterday about the security implications of big data. Typically I would group them into two separate areas: 1) Using big data as an enabler for predictive security analytics (i.e., deriving security information powered by analytics across big data); 2) Securing the output of big data analytics on the business side (and possibly in infosec too).

Sir, Put Down the Loaded Weapon

Sensitive information is sometimes like a loaded weapon someone might randomly stumble upon in a park. For those that have some kind of training with weapons, you can probably think of a dozen things you would and wouldn’t do if you were in this situation. But what if you had never seen this kind of weapon before? Would it become a paperweight on your desk? Maybe a doorstop? Or in an extreme case, earrings? Maybe you see peers treating these weapons the same way and all of a sudden it becomes acceptable. Until one goes off.

Learning to cook – Bake a Trusted Cloud Part 2

Proving that the physical and virtual infrastructure of the cloud can be trusted can be prohibitively difficult, especially when it comes to cloud services from external service providers. Verifying secure conditions in the foundations of the cloud is important for a simple reason: if organizations can’t trust the safety of their computing infrastructure, the security of all the information, applications and services running on top of it falls into doubt.

What’s your Maturity?

If you’ve heard me speak about information security maturity lately, you may have heard me compare our industry and function to Maslow’s Hierarchy of Needs. For those of you that may need a refresher, here are the basics (minus a few to stop some search engine hits). In order for a human to realize his full potential, he must have specific needs met.