I was in Munich last week, speaking at the European Identity and Cloud Conference in a panel on standards for mobile security. It was a very good session, not least because of the colleagues who joined me on the panel. John Sabo spoke about the work he’s doing in privacy frameworks. Tony Nadalin spoke about [...]
In his introduction to the Innovation Sandbox at RSA Conference, Hugh Thompson remarked on the critical role that small companies have in driving innovation. That’s certainly true and it was great to see the innovations of the 10 finalists who presented on Monday. But Hugh’s remark got me thinking about other dimensions of innovation, particularly in the light of the phenomenal range of capabilities evident in the exhibition hall at the conference.
As I mentioned in an earlier blog, RSA is transitioning the PKCS #11 standards effort into OASIS. The call for participation for the new OASIS PKCS 11 Technical Committee has now officially gone out from OASIS leadership, describing the process for joining the TC. The new public page for the PKCS 11 TC provides information [...]
We are seeing a fundamental shift in the way IT is consumed, and subsequently secured, and it’s mostly driven by mobile. The recent SBIC report, “Realizing the Mobile Enterprise: Balancing the Risks and Rewards of Consumer Devices,” highlights these shifts. There are a number of trends around mobility that make it a distinctly different and new security challenge to consider
I have worked on mobile security strategy for RSA for the last two years now, and during that tenure the market continues to evolve and move at a rapid pace, which no doubt is putting more stress and uncertainty into the minds of security professionals. But, just the other day I saw a graphic in Computerworld that really summed up the entire mobility movement. Take a look:
Mobile apps, and the content they provide, are the reason smartphones and tablets are so popular; recent statistics show that mobile users around the globe download over 67 million apps every day! Although these numbers are staggering, security awareness did not follow, and it was a matter of time – and only logical for cybercriminals – before online threats, such as phishing and malware, became a reality on mobile devices.
A couple of weeks ago, my colleague Alina Oprea and I participated in the ZISC Workshop on Secure Mobile and Cloud Computing 2012 sponsored by the ETH here in Zürich. The second day of the workshop focused on cloud security, ending with Alina’s great presentation on research that RSA Labs is doing on mechanisms that enterprises could use to validate the security and availability of data entrusted to a cloud service provider. There were also very interesting talks by Vinod Vaikuntanathan (University of Toronto) on fully homomorphic encryption and George Danezis (Microsoft) on considerations for deploying cryptographic protocols for the cloud.
One of the great things about traveling is the interesting folks you meet. That’s true not only in meetings and conferences and such, but also on the plane. I’ve had fascinating conversations many times with the people sitting next to me — sometimes about computer security, as when the director of consulting at Verisign and I spent hours talking during a long transatlantic flight. But often the conversations are on wide-ranging topics far removed from security.
I was at the Gartner IAM Summit in London last week and had the chance to catch up with Robin Wilton, including attending his session on “High Identity Assurance in a Mobile World”. It was a great presentation, full of interesting ideas and insights. I was particularly struck by Robin’s discussion of personas, especially in the light of the keynote panel discussion of “the death of authentication” the day before.
It’s a new, exciting era for Trojan builders. The mobile space in 2012 is a vast, uncharted territory that attracts the talent and creativity of black hatters and malware writers like moths to a flame. If you think about it, the entire mobile security space has huge ‘Here there be monsters’ sections where the cartographers don’t really know what to draw. With its unique architecture, security platforms and operating systems, it’s a challenging, yet highly rewarding exercise.