CTO’s Blog: RSA2010 Report!

The RSA show is wind­ing down now on its last day and has been an inter­est­ing expo­si­tion of tech­nolo­gies and secu­rity prac­tices, but one which the US Gov­ern­ment has actively par­tic­i­pated at a new and unprece­dented level dri­ving how the idea that Cyber Secu­rity and Infor­ma­tion Pro­tec­tion is everyone’s respon­si­bil­ity and that the Indus­try Sec­tor has its role to play in the larger goal of mak­ing the Cyber-​​World a safe place to work in.

The keynote speeches were espe­cially inter­est­ing from the Fed­eral Deci­sion Mak­ers who pre­sented. As part of this there were no less than six booth’s in the Exhi­bi­tion hall with Fed­eral Spon­sor­ship includ­ing the new booth from the FBI itself, the return­ing NSA and of courts US-​​CERT was there. We also saw two new enti­ties includ­ing the DHS’s IT Sec­tor groups and some of the most pow­er­ful ses­sions were the LAW and TECH­NOL­OGY Track ses­sions which this time were high­lighted with Steve Teppler’s (of the ABA’s ISC) Mock Trial Ses­sions with seated Fed­eral Chief Mag­is­trate Judge, his Honor John Fac­ci­ola of the DC Cir­cuit Courts. Speak­ers also included Sec­re­tary Janet Napal­i­tano and Direc­tor Mueller of the FBI in addi­tion to Jim Bid­zos keynote commentary

• http://​www​.rsacon​fer​ence​.com/​2​0​1​0​/​u​s​a​/​a​g​e​n​d​a​-​a​n​d​-​s​e​s​s​i​o​n​s​/​a​t​-​a​-​g​l​a​n​c​e​.​htm

Focus on the Open­ing words: Art Covello

RSA’s pres­i­dent Art Cov­ello spoke about Cloud Com­put­ing and the need to cre­ate reli­able and safe con­trols in the IT world. He spoke of the con­cept of TRUST and how dig­i­tal trust sys­tems had enabled key finan­cial sys­tems which were the basis of mon­e­tary trans­ac­tions of all forms such that we need to pro­tect and empower their use in everything.

Tech­nol­ogy Track Sessions

The Tech­nol­ogy Tracks had all kinds of inter­est­ing media con­trol and end-​​user client-​​security ser­vices, and com­pli­ance audit­ing inside that set of uses showed the new vision’s on how Infor­ma­tion Secu­rity is managed.

FBI Direc­tor Meuller

Espe­cially inter­est­ing yes­ter­day was Direc­tor Meuller’s com­pelling com­men­tary on the need to pro­vide Indus­try Sup­port of Fraud and Dig­i­tal Evi­dence sys­tems as an under­lay­ment of the FBI’s and Global Cyber­Crime ini­tia­tives. He also spoke of the FBI’s suc­cess in work­ing with other Gov­ern­ments in the appre­hen­sion of Cyber Crim­i­nals includ­ing the recent cap­ture in Spain with the Local ALAC’s Team there. He emphat­i­cally stated:

“The Inter­net is not only used to plan and exe­cute attacks; it is a tar­get in and of itself. Usama bin Laden long ago iden­ti­fied cyber­space as a means to dam­age both our econ­omy and our psyche—and count­less extrem­ists have taken this to heart,” Mueller said. “Ter­ror­ists have shown a clear inter­est in pur­su­ing hack­ing skills. And they will either train their own recruits or hire out­siders, with an eye toward com­bin­ing phys­i­cal attacks with cyber attacks.”

Cloud News!

LEGAL ASPECTS of CLOUD COM­PUT­ING: Thursday’s Legal Aspects of the CLOUD com­put­ing ser­vices were excel­lent and pro­vided a frame­work for under­stand­ing the dis­trib­uted and increased risk mod­els rel­a­tive to out­sourc­ing sys­tems. Cloud sys­tems secu­rity is still evolv­ing and the con­fu­sion from Vendor’s on what tech­nol­ogy is actu­ally nec­es­sary is also slow­ing adop­tion of the “flat­tened Main­frame” type ser­vices that are now labeled as “The Cloud”…

Yes that’s right — It is worth not­ing here that Cloud Com­put­ing has been here for 50 years and the new pack­ag­ing of Service-​​Based vir­tu­al­ized infra­struc­ture and back-​​ends which include full UI’s is all that has hap­pened here. The mas­sively par­al­leli­fied cloud ser­vice world is based on new com­pute avail­abil­ity and an old par­a­digm. What’s amus­ing from this reporter’s per­spec­tive is how well mar­ket­ing has cre­ated a storm around some­thing older than most of the peo­ple writ­ing spin for it? So what are the legal issues with Cloud com­put­ing? Sim­ply that all of the contingency’s must be defined and fully cov­ered with­out ambi­gu­ity in any out­sourc­ing oper­a­tion which uses this Soft­ware as a Ser­vice (SaaS) tech­nol­ogy. See Tanya Forsheit’s posts for her posts on her session.