RSA 2010 Keynotes - Creating a Safer & More Trusted Internet

9AM Keynote by Scott Charney, Corporate Vice President, Trustworthy Computing at Microsoft

What changes in the cloud, and how end-to-end trust is affected by the cloud.

Traditional & more advanced threats. "Why is it so hard to understand the threat?"
5 issues:
1. Lot of bad actors & many different types
2. Many types of motives: espionage, cyber-warfare, predators
3. Attacks look the same, hard to figure out how to respond
4. Shared and integrated domain mingles everything into the cyber environment
5. Worst case scenarios are devastating and scary

"There are millions of botnets in computers around the world, and most of them are consumer computers."

[Slides show Waledac botnet geographic data and other diagrams from recent Microsoft report]

Microsoft used the court process, and blocked Waledac control domains.
 [remove one head of the hydra and another one comes back]

Charney talks about kid & mom getting the security dialog box and clicking OK.
Analogy with smoking (personal health issue and also health issue for others around you) and internet safety (making sure that you're not polluting the Internet space around you).

Now focusing on the cloud. Was your cloud platform created with an appropriate Software Development Life Cycle that ensures security is built-in?

How will we do forensics in the cloud? Example of a hospital getting contacted by a hacker claiming to have some of the hospital's data. If this happened in the cloud, hospital may want to do its own forensics, but cloud company might not allow due to multi-tenancy issues.

Multiple IDs to avoid a national online identification database. Video of German "EID" card, to be rolled out in November 2010. Starts with in-person "proofing" (using govt issued documents), "U-Prove" technology by Microsoft. Shows a student "Erika" getting access to an online bookstore and leaving a comment "gutte Classe" (i.e. "good class") about one of her classes.

Patented crypto algorithms of "U-prove" will be released today, as well as preview code and APIs.

"The cloud has the potential to alter the balance of power between the individual and the state."

Starting with telephone (& wire taps), emails (stored records), over time, government gained more access to individual data.
