Enabling Secure Business Operations

RSA Conference 2009 Trends-Day 2

April 23rd, 2009

On Wednesday, while the virtualization and cloud computing topics were continuing to see a lot of coverage, I began to focus my attendance in some different areas. The first Wednesday keynote included a brief discussion of the 60-day cybersecurity review by Melissa Hathaway, Acting Senior Director for Cyberspace for the Obama administration. While she did not tip her hand regarding what would be in the final report, she spent a lot of time discussing the importance of the report and the work which will come out of it. You can read her speech by following the Word document link on this article in The Atlantic.

Also on Wednesday was a panel discussion on the increasing prominence of legal and audit concerns in security, featuring two federal judges and two lawyers. The presence of two federal judges at the RSA Conference should be viewed as good news, as it clearly demonstrates that the legal system is taking note of and participating in a dialog with the security industry as a whole. The Governance-Legal track also included an individual talk in the same thread, “eDiscovery Cooperation Workshop for Attorneys and Technologists”. Meaningful information security-related laws and regulations can only be developed and enforced by a team which includes the legal system and the security practitioners.

Other heavily attended and well-regarded sessions were individual sessions for which there is not yet a link for video or audio. These include “Is Google Evil?” by Ira Winkler, and “The Danger that Lurks in the Internet’s Core Protocols” by a panel including Jeff Moss, Dan Kaminsky and Anton Kapela.


RSA Conference 2009 Trends-Day 1

April 22nd, 2009

I can easily sum up what nearly every talk, every keynote, and every booth vendor is discussing here at RSA. I just need four words: “Cloud computing and virtualization”. Virtualization is important because of the desire to make things cheaper and easier to maintain, and presents a powerful argument for power savings, especially during the week of Earth Day. The security concerns in virtualization are generally no different than they are with any current system, except for attack vectors between the host and guest operating systems. Virtualizing security services may be helpful in long-term cost savings, but introduces additional risks which must be considered and mitigated or accepted.

During the Cryptographers’ Panel, counterarguments about cloud computing were presented. Whit Diffie said he was excited, while Ron Rivest expressed concern. Bruce Schneier said the current move toward cloud computing is like the computing industry coming full circle. Back in the 70s and 80s, we had underpowered terminals accessing shared computing power, storage, and services on a mainframe. Now, replace mainframe with “cloud” and underpowered terminal with “netbook” or “mobile phone” and you’ll see where we are.

Personally, I don’t think we did a great job of information security in the 70s and 80s, so coming full circle is not a good thing. Cloud computing must be an area of continued vigilance, concern, and research for the coming years.

What are your thoughts? Tell us in the comments!
