News

Feds, Cloud Security Take Center Stage at RSA 2010

• By John K. Waters
• 03/02/2010

The speaker lineup at this year's annual RSA Security Conference and Expo, underway this week in San Francisco, is packing some serious federal heat. Homeland Security Secretary Janet Napolitano, White House Cyber Security Coordinator Howard Schmidt and FBI chief Robert Mueller will all be taking the keynote stage.

Mueller, speaking Thursday, will be discussing how law enforcement and the private sector need to work together to fight cybercrime, but Schmidt and Napolitano, were last-minute additions to the roster, so the subjects of their talks -- taking place this afternoon and Wednesday, respectively -- are anyone's guess.

Two cyber security mavens who served in previous administrations -- former Secretary of Homeland Security Michael Chertoff, and former chief counter-terrorism adviser at the National Security Council Richard Clarke -- will be participating in a panel discussion scheduled for Wednesday: "Dealing with Sophisticated Threats in Cyberspace without Creating Big Brother," moderated by Quentin Hardy, national editor of Forbes magazine. Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), will also participate.

The hot topic at this year's event appears to be security in the cloud, with an emphasis on application development and an uneasy nod to the security impacts of social networking. The conference schedule includes 18 tracks and more than 250 sessions, including a brand new track, Data Security, that covers strategies, practices and technologies for classifying, tracking and protecting sensitive data in the cloud.

"Cloud services are clearly the next generation of information technology that enterprises must master," Jim Reavis, founder of the Cloud Security Alliance (CSA), a not-for-profit organization promoting best security practices in the cloud, said in a statement. "We have a shared responsibility to understand the security threats that accompany the cloud and apply the necessary best practices to mitigate them."

Yesterday Hewlett-Packard and the CSA took the wraps off new research findings detailing the potential security threats posed by cloud services. In a paper entitled "Top Threats to Cloud Computing Report," researchers found that, because Web sites in the evolving online social ecosystem rely on APIs to present data from disparate sources, they often suffer from what the report calls "weakest link security." That's where one insecure API can adversely affect a larger set of participants. Consequently, existing vulnerabilities "are magnified in severity in cloud environments," and "new, cloud-specific techniques put data and systems at risk."

Among the companies announcing cloud security products at the show is Santa Clara, Calif.-based Cenzic, which just unveiled a new self-service Web security platform: ClickToSecure. With this release, the company is opening its APIs to support integration with other vendors' products, including Citrix and Xybershield.

Security as a Service is also on the agenda at this year's RSA event. Companies such as Franklin, Tennessee-based Cybera will be extolling the virtues of cloud-based security services. Cybera will be exhibiting with security products provider McAfee, and promises live demos of the new Secure|Wave wireless intrusion detection service on the exhibit floor.

Another Software as a Service provider, Orange, Calif.-based M86 Security, is planning to unveil a cloud-based secure messaging service at the show. The service combines inbound and outbound content filtering, granular policy control, an anti-spam engine and behavioral malware analysis technology.

On the standards front, the members of the OASIS open standards consortium are planning to demo three security standards at the show: Identity Metasystem Interoperability (IMI), Key Management Interoperability Protocol (KMIP), and Cross-Enterprise Security and Privacy Authorization (XSPA). IMI enables the use of info cards to manage personal digital identities. KMIP provides a single protocol for communication between encryption systems and legacy enterprise appliances. XSPA is designed to enable the exchange of healthcare and privacy policies, consent directives and authorizations. The consortium's membership includes IBM, Microsoft, Sun/Oracle, CA, HP, Jericho Systems, Novell, SafeNet, the U.S. GSA, DoD and Department of Veterans Affairs.

Back for a second year is the RSA's Innovation Sandbox. These half-day, ask-the-experts, white-board sessions, held on Monday, included a discussion of social networks, the pros and cons of a corporate "Big Brother" mentality, and a session entitled "What the heck should the government do to improve security?"

Set for Tuesday, the annual cryptographers' panel is also back. Moderated by RSA Chief Scientist Ari Juels, the panel includes Whitfield Diffie, visiting professor from Royal Holloway College in London and Stanford visiting professor; Martin Hellman, EE professor at Stanford; Ronald Rivest, MIT computer science professor; Adi Shamir, computer science professor from Israel; and Brian Snow Former Technical Director, NSA IAD.

And event organizers have planned for some "special-guest" IT luminaries, including Apple co-founder Steve Wozniak and Craigslist founder Craig Newmark, among others.

This is the 19th RSA conference. The event is being held at San Francisco's Moscone Center and runs through Friday. Conference organizers said they expect a record crowd.