Chances are, if you read 10 articles or blog posts about the 2010 RSA conference, you will hear the term “cloud computing” ten times. The cloud was clearly the dominant theme of most of the presentations, product demonstrations, and discussions which took place at the Moscone Center in the first week of March 2010. However, another theme was nearly equally present in presentations and discussions: Cybercrime.

Read the rest of this entry »

As I mentioned in an earlier post, the 2010 RSA Conference Keynote addresses have been posted online and I’m linking some of my favorites from the 2010 conference. You can view an interactive webcast, view the video, or even listen/download audio-only podcasts of the keynote presentations. It is often hard to follow the keynotes in the first day, so I’m just going to mention the highlights from the rest of the week.

• Tuesday’s keynote by Philippe Courtot, Chairman & CEO of Qualys was a pretty good one, and should have been given prior to some of the other keynotes since it provided a bit of a primer on cloud computing. He discusses some basics around cloud computing and what it will likely become in the future.
• It is always important to hear what the Government has to say, so Janet Napolitano’s brief remarks are worth watching.
• Tired of pure security talk? Catch a good presentation and discussion on emerging brain-computer interfaces by Dr. John Donoghue.
• While I think Art Coviello’s keynotes have been getting better over the years, I always preferred the first day keynotes by Jim Bidzos. We were fortunate to get a keynote presentation from him this year about security and trust on the Internet.
• And finally, the always entertaining Hugh Thompson provides a look at the steps forward and back in security over the last year and interviews a few individuals including Craig Newmark from craigslist and Steve Wozniak.

Keep an eye on the 2010 RSA Conference website, especially if you were an attendee/delegate. Over the coming weeks and months they often make some of the most highly valued discussions and presentations available for viewing. It is a good way to stay connected to the themes of the year even if you couldn’t be at the conference.

On Wednesday, while the virtualization and cloud computing topics were continuing to see a lot of coverage, I began to focus my attendance in some different areas. The first Wednesday keynote included a brief discussion of the 60-day cybersecurity review by Melissa Hathaway, Acting Senior Director for Cyberspace for the Obama administration. While she did not tip her hand regarding what would be in the final report, she spent a lot of time discussing the importance of the report and the work which will come out of it. You can read her speech by following the word document link on this article in The Atlantic.

Also on Wednesday was a panel discussion on the increasing prominence of legal and audit concerns in security featuring two federal judges and two lawyers. The presence of two federal judges at the RSA conference should be viewed as good news, as it clearly demonstrates that the legal system is taking note of and participating in a dialog with the security industry as a whole. Also there was an individual talk in the Governance-Legal track in the same thread, “eDiscovery Cooperation Workshop for Attorneys and Technologists”. Meaningful information security-related laws and regulations can only be developed and enforced by a team which includes the legal system and the security practitioners.

Other sessions that were heavily attended and well regarded were individual sessions for which there is not yet a link for video or audio. These include “Is Google Evil?” by Ira Winkler, and “The Danger that Lurks in the Internet’s Core Protocols” by a panel including Jeff Moss, Dan Kaminsky and Anton Kapela.

I can easily sum up what nearly every talk, every keynote, and every booth vendor is discussing here at RSA.  I just need four words: “Cloud computing and virtualization”. Virtualization is important because of the desire to make things cheaper and easier to maintain, and presents a powerful argument for power savings especially the week of earth day. The security concerns in virtualization are generally no different than they are with any current system, except for attack vectors between the host and guest operating systems. Virtualizing security services may be helpful in long term cost savings, but introduces additional risks which must be considered and mitigated or accepted.

During the Cryptographer’s Panel, counterarguments about cloud computing were presented. Whit Diffie said he was excited, while Ron Rivest expressed concern. Bruce Schneier said the current move toward cloud computing is like the computing industry coming full circle. Back in the 70s and 80s, we had underpowered terminals accessing shared computing power, storage, and services on a mainframe. Now, replace mainframe with “cloud” and underpowered terminal with “netbook” or “mobile phone” and you’ll see where we are.

Personally, I don’t think we did a great job of information security in the 70s and 80s, so coming full circle is not a good thing.  Cloud computing must be an area of continued vigilance, concern, and research for the coming years.

What are your thoughts? Tell us in the comments!