For some time now, we at RSA have been speaking about the essential role that collaboration has to play in effective security. It is not enough to collect and analyze information within your own organization. You need to draw on sources of information outside your environment and you need to share your information with other organizations. This cooperation and collaboration in security is imperative, especially given that we are confronted with well-organized and collaborative adversaries.
This message has been reinforced for me in the past couple of days here at this year’s RSA Conference. My conference activity started Monday morning with the Cloud Security Alliance summit and Tom Weatherford’s keynote on his work at DHS. Much of what Tom talked about concerned the government strategy for cyber security. But I was particularly struck by his comment that one of the two fundamental directives in the recent executive order on cyber security was the requirement to increase the sharing of information in addressing threats: from government to the private sector, from the private sector to government, and between government departments. That collaboration imperative is also evident in the role that DHS is taking on, according to Tom, as the first point of contact for the private sector when seeking help from the federal government on cyber security issues.
The need for collaboration was touched on by Art Coviello in his keynote again this year. And our announcement of collaboration with Juniper is also a great example of this collaboration. Each of our companies has security information that complements what the other has. Combining this information strengthens the ability each of us has to detect and respond the cyber threats.
This imperative was already in the forefront of my thoughts. Because of how many security professionals attend RSA Conference, we scheduled the OASIS KMIP face-to-face for the week before the conference and the face-to-face kick-off meeting for the new OASIS PKCS 11 technical committee for the week after. These two standards efforts represent major collaborative efforts to achieve effective security standards. The KMIP standard has been very successful (though of course there is still lots to do), as evidenced by our recent completion of v1.1. We’re just beginning the development of PKCS #11 in OASIS, but there has been a phenomenal level of interest and support for the effort.
These announcements, activities and events may not be the stuff of Ludlum thrillers. But the collaboration imperative does have the potential to make a real difference in addressing the security threats we face.