News

Feds, Cloud Security Take Center Stage at RSA 2010

The speaker lineup at this year's annual RSA Security Conference and Expo, underway this week in San Francisco, is packing some serious federal heat. Homeland Security Secretary Janet Napolitano, White House Cyber Security Coordinator Howard Schmidt and FBI chief Robert Mueller will all be taking the keynote stage.

Mueller, speaking Thursday, will be discussing how law enforcement and the private sector need to work together to fight cybercrime, but Schmidt and Napolitano, were last-minute additions to the roster, so the subjects of their talks -- taking place this afternoon and Wednesday, respectively -- are anyone's guess.

Two cyber security mavens who served in previous administrations -- former Secretary of Homeland Security Michael Chertoff, and former chief counter-terrorism adviser at the National Security Council Richard Clarke -- will be participating in a panel discussion scheduled for Wednesday: "Dealing with Sophisticated Threats in Cyberspace without Creating Big Brother," moderated by Quentin Hardy, national editor of Forbes magazine. Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), will also participate.

The hot topic at this year's event appears to be security in the cloud, with an emphasis on application development and an uneasy nod to the security impacts of social networking. The conference schedule includes 18 tracks and more than 250 sessions, including a brand new track, Data Security, that covers strategies, practices and technologies for classifying, tracking and protecting sensitive data in the cloud.

"Cloud services are clearly the next generation of information technology that enterprises must master," Jim Reavis, founder of the Cloud Security Alliance (CSA), a not-for-profit organization promoting best security practices in the cloud, said in a statement. "We have a shared responsibility to understand the security threats that accompany the cloud and apply the necessary best practices to mitigate them."

Yesterday Hewlett-Packard and the CSA took the wraps off new research findings detailing the potential security threats posed by cloud services. In a paper entitled "Top Threats to Cloud Computing Report," researchers found that, because Web sites in the evolving online social ecosystem rely on APIs to present data from disparate sources, they often suffer from what the report calls "weakest link security." That's where one insecure API can adversely affect a larger set of participants. Consequently, existing vulnerabilities "are magnified in severity in cloud environments," and "new, cloud-specific techniques put data and systems at risk."

Among the companies announcing cloud security products at the show is Santa Clara, Calif.-based Cenzic, which just unveiled a new self-service Web security platform: ClickToSecure. With this release, the company is opening its APIs to support integration with other vendors' products, including Citrix and Xybershield.

Security as a Service is also on the agenda at this year's RSA event. Companies such as Franklin, Tennessee-based Cybera will be extolling the virtues of cloud-based security services. Cybera will be exhibiting with security products provider McAfee, and promises live demos of the new Secure|Wave wireless intrusion detection service on the exhibit floor.

Another Software as a Service provider, Orange, Calif.-based M86 Security, is planning to unveil a cloud-based secure messaging service at the show. The service combines inbound and outbound content filtering, granular policy control, an anti-spam engine and behavioral malware analysis technology.

On the standards front, the members of the OASIS open standards consortium are planning to demo three security standards at the show: Identity Metasystem Interoperability (IMI), Key Management Interoperability Protocol (KMIP), and Cross-Enterprise Security and Privacy Authorization (XSPA). IMI enables the use of info cards to manage personal digital identities. KMIP provides a single protocol for communication between encryption systems and legacy enterprise appliances. XSPA is designed to enable the exchange of healthcare and privacy policies, consent directives and authorizations. The consortium's membership includes IBM, Microsoft, Sun/Oracle, CA, HP, Jericho Systems, Novell, SafeNet, the U.S. GSA, DoD and Department of Veterans Affairs.

Back for a second year is the RSA's Innovation Sandbox. These half-day, ask-the-experts, white-board sessions, held on Monday, included a discussion of social networks, the pros and cons of a corporate "Big Brother" mentality, and a session entitled "What the heck should the government do to improve security?"

Set for Tuesday, the annual cryptographers' panel is also back. Moderated by RSA Chief Scientist Ari Juels, the panel includes Whitfield Diffie, visiting professor from Royal Holloway College in London and Stanford visiting professor; Martin Hellman, EE professor at Stanford; Ronald Rivest, MIT computer science professor; Adi Shamir, computer science professor from Israel; and Brian Snow Former Technical Director, NSA IAD.

And event organizers have planned for some "special-guest" IT luminaries, including Apple co-founder Steve Wozniak and Craigslist founder Craig Newmark, among others.

This is the 19th RSA conference. The event is being held at San Francisco's Moscone Center and runs through Friday. Conference organizers said they expect a record crowd.

About the Author

John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.  He can be reached at [email protected].

comments powered by Disqus

Featured

  • Mastering Blazor Authentication and Authorization

    At the Visual Studio Live! @ Microsoft HQ developer conference set for August, Rockford Lhotka will explain the ins and outs of authentication across Blazor Server, WebAssembly, and .NET MAUI Hybrid apps, and show how to use identity and claims to customize application behavior through fine-grained authorization.

  • Linear Support Vector Regression from Scratch Using C# with Evolutionary Training

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the linear support vector regression (linear SVR) technique, where the goal is to predict a single numeric value. A linear SVR model uses an unusual error/loss function and cannot be trained using standard simple techniques, and so evolutionary optimization training is used.

  • Low-Code Report Says AI Will Enhance, Not Replace DIY Dev Tools

    Along with replacing software developers and possibly killing humanity, advanced AI is seen by many as a death knell for the do-it-yourself, low-code/no-code tooling industry, but a new report belies that notion.

  • Vibe Coding with Latest Visual Studio Preview

    Microsoft's latest Visual Studio preview facilitates "vibe coding," where developers mainly use GitHub Copilot AI to do all the programming in accordance with spoken or typed instructions.

  • Steve Sanderson Previews AI App Dev: Small Models, Agents and a Blazor Voice Assistant

    Blazor creator Steve Sanderson presented a keynote at the recent NDC London 2025 conference where he previewed the future of .NET application development with smaller AI models and autonomous agents, along with showcasing a new Blazor voice assistant project demonstrating cutting-edge functionality.

Subscribe on YouTube