The morning RSA keynotes were mostly warmed-over common wisdom--layered approaches, risk management, intelligence sharing, managing user identities, governance, focusing on users, etc.--about information security, with the exception of the cryptographer panel, which had some good moments. I pulled out some quotes from the presentations to give a flavor of the morning procession.
Programs are becoming proxies for people.--Craig Mundie, Microsoft chief research and strategy officer.
Mundie envisions programs that work on our behalf, but issues of establishing trust have to be worked out, including more rigorous identity for the machines themselves, when you don't have assurances about the IP address, and better tools for identity management.
We haven't implemented information security. We have been securing the perimeter, the moat and castle, but not the king, and information is the king. And like a king, information has a nasty habit of wanting to move around.--Art Coviello, executive vice president, EMC and president, RSA
EMC acquired RSA and the two companies are promoting their one-stop shopping for information security, storage, management and virtualization. Coviello also said that "the pursuit of perfect security is a waste of time. The digital world brings inherent and inextricable risk."
Encryption can be perfected, but at significant expense, so it requires that the highest risk information be identified and protected. In addition, more adaptive systems, such as pattern recognition and behavior modeling, need to be built directly into the infrastructure to detect anomalies and block malware.
"People are today's new perimeter."
"There is no doubt in my mind that managing user identities is the most pressing challenge facing the industry today."
"Building confidence in the connected world is everybody's job--no company is so dominant or so all knowing that it can provide a level of confidence." --John Thompson, CEO of Symantec
Thompson explained that the issue going forward is instilling trust and confidence in a connected world of information, infrastructure and interactions. He envisioned a consumer-led revolution, but also extended IT security to encompass IT risk management and the leverage it can deliver to a company. The lines separating customers, consumers, vendors, partners and employees are blurring, and this trend requires more capable, user-centric systems and industry cooperation, he said.
Thompson took a shot at Microsoft, saying that the conflict of interest--the company that makes the underlying platform also securing it--needs to be untangled. He compared Microsoft's security efforts, in competition with Symantec and other vendors on the anti-virus, firewall and other fronts, to a company permitted to audit itself.
The cryptographers panel, with crypto-legends Whitfield Diffie, Ron Rivest, Adi Shamir, and Martin Hellman, had one good exchange.
"Security wins many battles but loses the security war. We are definitely going backwards in computer security."--Adi Shamir
Moderator Burt Kaliski, chief scientist and CTO at RSA Laboratories, quickly factored a new way to look at security, "Shamir's Law": Every 18 months security gets half as good.
With a 10x increase in malware in the last five years, according to the Yankee Group, an increasingly connected universe and anti-virus labs a few months behind in tracking malware, Shamir's Law is exaggerated, but not by any means ridiculous.