RSA 2010 i wizja End-To-End Trust

  • Article

Biezacy tydzien mija pod znakiem RSA. W poniedzialek 01 Marca 2010 rozpoczela sie konferencja RSA 2010 w San Francisco. Konferencja ma tak ogromne znaczenie, ze wszystkie pozostale wydarzenia sa bezposrednio od niej zalezne (m.in. moja konferencja zostala przesunieta). Na RSA mozna posluchac najlepszych specjalistów (jak zwykle) pracujacych w obszarze bezpieczenstwa w wielu dziedzinach przemyslu i organizacjach. Poczawszy od FBI, czy U.S. Department of Homeland Security, skonczywszy na Microsoft, czy IBM.

Dostalam swoimi kanalami informacje dot. wizji Microsoft dla "cloud computing". Jest to wizja, a wiec nie zawiera zadnych technicznych informacji, tylko samo wyobrazenie technologii, a wlasciwie bezpieczenstwa technologii. Prawdopodobnie ciekawiej niz ja przedstawi to Join Scott Charney (Microsoft’s Corporate Vice President of Trustworthy Computing) na samej konferencji, natomiast tych, którzy pozostali w swoich domach zachecam do przeczytania.

Introduction

Since the launch of Microsoft’s Trustworthy Computing initiative and our End to End Trust vision, the company has been working to further protect Internet Citizens’ security and privacy through security and privacy fundamentals, technology innovations and social, economic and political alignment. At last year’s RSA conference, we shared the progress made inside and outside of the company toward our vision for a safer, more trusted Internet.

Our vision has not and will not change for some time, but it’s constantly reexamined in light of the continuing shift in computing paradigms, technology trends, customers’ needs and world events. That brings us up to today, where we are in the midst of an evolution in computing.

“Cloud Computing”—Background and Similarities

  • Today, the IT world is in the midst of an evolutional paradigm shift. People are talking about the shift to cloud computing and the associated benefits, risks and security and privacy implications. Recent surveys highlight the need for strategic analysis of everyone’s existing plans and procedures to consider the impact of potential transitions to cloud computing:
  • Microsoft study: 58% of the general population and 86% of senior business leaders were excited about cloud computing, but that more than 90% of these same people were concerned about the security, access and privacy of their own data in the cloud.
  • However, while cloud computing brings both benefits and risks, to understand how it differs from computing today requires both an understanding of the cloud shift and careful thought about what’s new, what’s the same, and how the computing model affects businesses and consumers.
  • The word “cloud” is not new. Some services have long been “in the cloud,” and the term refers to several different computing paradigms, not all of which are completely new.
  • Software as a Service
  • Platform as a Service
  • Infrastructure as a Service

Some clouds will be completely private, other wills be public, and there will be hybrids that mix public and private capabilities. Customers will have many choices when it comes to adoption of cloud computing.

  • The cloud brings opportunities, amplifies certain existing issues and introduces new ones that need solutions broader than technology; however, many of the requirements for security and privacy in the cloud remain the same.
  • Fittingly, those requirements align with the concepts Microsoft has been making progress toward as part of its End to End Trust vision.

End to End Trust and Cloud Computing—Commitment Demonstrated through Progress

  • We continue to exist within an environment of threats. Criminals are adapting and innovating to develop new techniques to anonymously extract profit from Internet citizens. The industry needs to adapt with them and develop new ways to combat cybercrime.
  • Many of the requirements for security and privacy in the cloud remain the same as those outside of the cloud. The concepts within Microsoft’s End to End Trust vision still apply and help address concerns and requirements related to security and privacy in the cloud.
  • Need for Security and Privacy Fundamentals
  • ­Need for Technology Innovations
  • ­Need for Social, Economic, Political and IT Alignment
  • Security and Privacy Fundamentals, defense in depth and threat mitigation remain an industry necessity in and outside of the cloud and Microsoft continues to make progress against its commitment in this area. Microsoft continues to evolve its approach to fundamentals and this year has released the SDL for Agile Development, Simplified SDL and Privacy Guidance relative to cloud applications, providers and customers. We already released Microsoft Security Essentials which provides no-charge threat migration for Windows customers. With the growth and evolution of the threat landscape, the number of vulnerabilities in the application layer has risen dramatically and has become a prime target for cybercriminals.
  • We also still need Technology Innovations for security and privacy in the cloud. One of the areas where the cloud amplifies the need for progress is the need for identity solutions that help solve some of the fundamental security and privacy problems inherent in the current Internet identity systems.

Importance of SEPITA Amplified in the Cloud

While many of the requirements for security and privacy in the cloud remain the same, when Social, Political, Economic and IT forces interact with the technology changes of Cloud Computing, certain security and privacy issues are amplified and become more important:

  • ­Shared Accountability [Scott will discuss and give examples. Compliance when part of your Enterprise is hosted in a cloud may be one example discussed.]
  • ­Co-Tenancy / Co-Mingling [Scott will discuss. One example that may be used centers around who gets to do a forensic investigation after an attack is detected against a Cloud-hosted enterprise.]
  • ­Geographic Location / Jurisdiction [Scott will discuss. One example might be concerning how traditional law enforcement discovery and notice change when everything is hosted in a Cloud.]

The path to a safer, more trusted Internet is not a short one and it will take time, and investment, from everyone in the online ecosystem – customers, IT Pros, Governments, Developers – everyone. Microsoft is committed to doing our part to realize the potential of a safer, more trusted Internet and you can expect us to announce new developments and progress towards this for some time to come.

Today we are calling on people, and the industry, to:

  • ­Creatively prevent and disrupt cybercrime – we have shared examples and encourage others in the industry to tackle this problem – head on.
  • ­Deploy robust identity solutions that respect individual privacy – today we have announced technology that makes a claims based identity metasystem possible – we hope the industry, developers and others who manage identity online take advantage of this technology to provide solutions that work for the problems our customers have today with identity.
  • ­Governments need to take action to define “normative” behavior for accessing data in the Cloud – today we talked about issues that are accelerated by “the cloud” paradigm – private and public sector cooperation is needed to advance how we think about these issues and find solutions.

You can learn more about End to End Trust and how Microsoft is working as a company and with the rest of the industry to obtain a safer, more trusted Internet at http//www.microsoft.com/endtoendtrust.

Autor: Paula Januszkiewicz [MVP]