RSA 2015: Enhancing Cloud Trust
When it comes to information security, the move to the cloud highlights two key features: transparency and control. Scott Charney, Corporate VP of Trustworthy Computing at Microsoft, raised the question of how it is possible for people to provide control and transparency in this new environment, and what it looks like.
During his RSA keynote, Charney addressed Microsoft’s 2004 plan to implement a security innovations model. Microsoft changed the way it updated systems and this improved the state of play, but threat models kept getting worse. Charney noted that when data was stolen in the past it did not always have an immediate impact, but the world has changed, and the attacks have become more destructive.
“Destructive attacks change the conversation,” he said. “They stop you from doing your daily business, and it is the nature that has changed the conversation to take place in executive suites and the board rooms.”
Charney pointed out that with the cloud comes a different type of risk. As a cloud builder, you want to protect your customers, but in a post-Snowden world, we all have a little bit of concern about each other. Since a cloud service allows organized crime organizations to subscribe just as a normal customer can, the major challenge is to protect the fabric from malicious VMs.
The threat model is constantly evolving, but there are ways to mitigate threats through simply keeping software updated and securing passwords. “Passwords can be not just stolen and phished, but also lost—we all know we need to move to a new system,” Charney said. Customers want to be able to manage their new environments, but when you move your technology into the cloud, you lose some of that control.
According to Charney, destructive attacks have woken the market up. Security expertise and technology gets consolidated into the cloud, which is needed for small and medium size businesses that cannot afford to invest a lot in cybersecurity. “The cloud will be key,” he said. “But, we need technically enforced boundaries to ensure that those who want to migrate to the cloud have faith; and they have faith because they have control and transparency, so the faith is grounded in fact.”
Latest posts by Kendra Dorr (see all)
- RSA 2015: Into the Woods: Protecting Our Youth from the Wolves of Cyberspace – April 24, 2015
- RSA 2015: Quantitative Security: Using Moneyball Techniques to Defend Corporate Networks – April 24, 2015
- RSA 2015: Talking ‘bout My Next Generation – April 23, 2015