Many of the enabling technologies we write about here at Business Agility are on display at the annual RSA conference, viewed through the lens of security.
We've begun writing about cloud security (see the links below), and the topic was front and center at the massive gathering of the security-conscious, which got underway on Monday in San Francisco.
The Cloud Security Alliance held its summit on the first day of RSA's conference. Michael McConnell, former director of the National Security Agency and former Director of National Intelligence, urged the 1,200 security experts in attendance to do what they can to help build trusted cloud computing systems. "Drive this technology, and drive the standards to force change. The economics of the cloud are so compelling they can't be denied. We have to get the security aspects right," McConnell said.
The CSA's executive director, Jim Reavis, strongly reinforced McConnell's message. He pointed to one of the roots of the cloud security dilemma: "I feel that what we have developed is an Internet that the bad guys own and they let us use it, and the venture capitalists have looked for ways to profit as opposed to solving issues. I think there's a market failure there."
CSA is embarking on an ambitious Innovation Initiative that will pair a working group within the organization with a for-profit entity engaging innovators and other interested parties. Solutions the innovators develop, with or without the assistance of CSA, can be submitted back to the working group for assessment.
Another CSA initiative will address mobile computing, conducting basic research to help secure mobile endpoints by using cloud technologies. Reavis alluded to the likely advent of "clouds of mobile devices," a scenario sure to strike fear into the hearts of security professionals everywhere.
Stirring big data into the cloud mix introduces both new security concerns and, paradoxically, new tools to help enable security. A panel session on Tuesday, kicking off at just about the time of this writing, will address both ends of big data security question.
On the vulnerability side, last fall Adrian Lane, analyst and CTO at Securosis, wrote a post titled "Big Data and Bad Security" in which he noted:
The rush to collect and mine big data leaves data security in the dust... From a security standpoint, you're starting from scratch. By and large it is not built in. We are only a couple of years removed from a time when just a few developers were prototyping applications on obscure open-source data repositories.
On the positive side, think of the data on which security judgements are based on the global Internet: it certainly qualifies a big data by any standard. A security company monitoring tens or hundreds of millions of security incidents per day for clients has the potential to characterize threats by comparing them with rich, global baseline data. Some security outfits are stepping up to that challenge.
We'll be hearing more from RSA as the conference week goes on.