News Archive (1999-2012) | 2013-current at LinuxGizmos | Current Tech News Portal |    About   

RSA Conference recap: securing cloud computing and prepping for cyber-war

Feb 22, 2011 — by LinuxDevices Staff — from the LinuxDevices Archive — views

The 20th annual RSA Conference in San Francisco came to a close Feb. 18, ending a week of product announcements, keynotes, and educational sessions that produced their share of security-related news stories, including EMC's Cloud Trust Authority. This year's hot topics included cloud computing and cyber-war.

Last week's RSA Conference included a new session track about cloud computing, which was also the subject of the keynote by Art Coviello, executive vice president at EMC and executive chairman of the company's RSA security division.

Virtualization and cloud computing have the power to change the evolution of security dramatically in the years to come, said Coviello.

"At this point, the IT industry believes in the potential of virtualization and cloud computing," Coviello told the RSA audience. "IT organizations are transforming their infrastructures. … But in any of these transformations, the goal is always the same for security — getting the right information to the right people over a trusted infrastructure in a system that can be governed and managed."

EMC's RSA security division kicked the week off by announcing the Cloud Trust Authority, a set of cloud-based services meant to facilitate secure and compliant relationships between organizations and cloud service providers by enabling visibility and control over identities and information. EMC also announced the new EMC Cloud Advisory Service with Cloud Optimizer.

In addition, the Cloud Security Alliance (CSA) held the CSA Summit Feb. 14, featuring keynotes from Salesforce.com Chairman and CEO Marc Benioff and U.S. Chief Information Officer Vivek Kundra.

Cyber-war drums

The cloud was just one of several items touched on during the conference. Cyber-war and efforts to protect critical infrastructure companies were also discussed repeatedly.

In a panel conversation, former Department of Homeland Security Secretary Michael Chertoff, security guru Bruce Schneier, former National Security Agency Director John Michael McConnell and James Lewis, director and senior fellow of the Center for Strategic and International Studies' Technology and Public Policy Program, discussed the murkiness of cyber-warfare discussions.

"We had a Cold War that allowed us to build a deterrence policy and relationships with allies and so on, and we prevailed in that war," McConnell said. "But the idea is the nation debated the issue and made some policy decisions through its elected representatives, and we got to the right place. … I would like to think we are an informed society, [and] with the right debate, we can get to the right place, but if you look at our history, we wait for a catastrophic event."

Part of the solution is to develop partnerships between the government and the private sector, suggested Symantec CEO Enrique Salem.

"One of the biggest issues you got — [and] unfortunately we haven't made enough progress — we need better coordination across the government agencies, and from the government agencies to the private sector," said Salem. "I think we still work too much in silos inside the government [and] work too much in silos between the government and the private sector."

The purpose of such efforts is to target advanced persistent threats (APTs), Bret Hartman, CTO of EMC's RSA security division, told eWEEK.

"Part of the problem of when you define [advanced persistent threats], it's not going to be like one single piece of software or platform," said Hartman. "It's a whole methodology for how bad guys attack the system. They're going to use every zero-day attack they can throw at you. They are going to use insider attacks; they're going to use all kinds of things because they are motivated to take out whatever it is they want."

The answer, Hartman said, is a next-generation Security Operations Center (SOC) built on six elements: risk planning; attack modeling; virtualized environments; automated, risk-based systems; self-learning, predictive analysis; and continual improvement through forensic analyses and community learning.

Preventing attacks also means building more secure applications. In a conversation with eWEEK, Brad Arkin, Adobe Systems' director of product security and privacy, discussed some of the ways Adobe has tried to improve its own development process, and offered advice for companies looking to do the same.

"The details of what you do with the product team are important, but if you can't convince the product team they should care about security, then they are not going to follow along with specifics," Arkin said. "So achieving that buy-in to me is one of the most critical steps."

Brian Prince is a contributor to our sister publication eWEEK.


This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.



Comments are closed.