The Challenge of Cooperation

Over the weekend, three stories crossed my desk that got me thinking about the challenge that Art Coviello issued to the security industry in his RSA Conference 2012 keynote: to forge a “collective resolve” to stand together against “a host of adversaries who threaten our very trust in the world’s digital economy”. The first of [...]

Will big data know you better than you know yourself?

There was lots of buzz about big data at RSA Conference, especially in terms of the essential role that big data analytics increasingly plays in detecting data exfiltration and other security issues. Using big data for security is clearly a significant opportunity. But the security and privacy of big data is equally important and yet got much less attention. These concerns did come up in the Tuesday afternoon panel on big data, during which Rich Mogull of Securosis articulated the distinction between securing big data and using big data for security. But for me the most striking insight about the security and privacy issues for big data was in the discussion that Hugh Thompson and Dan Gardner had during the Friday afternoon “Hugh Thompson Show”.

Security as a Service ≠ Securing the Cloud

What a week! The 20th RSA Conference is over and it was great to see the masses back out at the Moscone again. I don’t think it’s been this big in a while, but if the parties are any indication, companies are spending money again.

RSA Conference Video Highlights – Bret Hartman, RSA Chief Technology Officer

Hear from RSA Chief Technology Officer Bret Hartman about his view of APTs and the year-long research he’s been involved with to develop technologies designed to detect and mitigate APT-like attacks.

Rivest, Shamir, Adleman, the RSA Algorithm Explained

This video has been reposted from RSA Conference 2011.

“It is perfectly sound and usable into the future.”

Part of the “Giants Among Us” series in celebration of RSA Conference’s 20th anniversary.

In Cloud we Trust…

This week at the RSA Conference in San Francisco, California, securing the cloud is on everybody’s mind. Not surprisingly, many are still outlining a piecemeal approach to cloud security using the same recipes that have not worked in the past several decades. However, several credible and powerful voices are emerging from the noise to offer a much more compelling approach to accelerating the adoption of cloud services. The idea is to build a new comprehensive cloud trust model that exploits the unique characteristics of cloud and virtualization. Now, the good news: Leaders in cloud computing are making trust the centerpiece of their strategy and the technology to build this trust model is available now.

New Year’s Resolutions – RSA Conference Edition

Let’s use the RSA Conference as a starting point for changing our thinking in 2011

The Continued and Future Growth of Authentication

Let’s start with Authentication “pre-history”: username/password was king, and they weren’t particularly sophisticated in their size or complexity. If security (as I’ve suggested) is best reflected in “cost to break,” the cost was cheap and rapidly became cheaper still. As ease of access and exposure grew, especially with the rise in distributed computing, something new was needed: it had to increase the complexity (and therefore the cost to break) sufficiently to have business impact where it counted – secrets would stay secret!

Government’s Earlier Failure to Act Clouds the Facts

Recent disparaging comments about private sector engagement in U.S. national cyber defense misrepresent collaboration and hard-won progress with the U.S. government and public sector. In an interview that aired on National Public Radio, a former Bush administration official applauded Estonia’s emerging citizen-based cyber army while casting aspersions at the contributions of our own nation’s corporate security experts.