RSA Conference 2010 -- Day 2 Part 1

| | Comments (0) | TrackBacks (2)
The keynotes this year at RSA were really good. The same guys that spoke last year spoke again this year:

  • Art Coviello, Executive Vice President of EMC Corp. and President of RSA, The Security Division of EMC
  • Scott Charney, Corporate Vice President for Trustworthy Computing, Microsoft Corp.
  • Enrique Salem, President and CEO, Symantec Corp.
The theme repeated over and over and over again in the address of all three was cloud computing. They said that cloud computing represents both a challenge and an opportunity.  As others said yesterday, cloud computing is a chance for the information security industry to redo the IT infrastructure with security at its core.  Even more so than last year, these men stressed the inevitability of cloud computing's adoption and Coviello said its transformative impact on society and business will be like that of the Internet itself.  It wasn't that they were crying uncle; it was more like they were saying if we (the information security community) can't deter them, let's lead them.  To this end, Coviello laid out a strategy for businesses:

  1. Begin moving non-critical services to the cloud
  2. Move critical business applications to the cloud
  3. Build internal clouds
  4. Combine your internal and external cloud infrastructures to create a hybrid cloud
In making that first step, he advised attendees to ensure that SaaS providers are able to address GRC, SLA, policy, identity, and multitenancy needs (the last being the hardest he said).  Through these, the cloud goes from being a nebulous black box to a transparent one:

transparent_cloud.gif

Which seems like something your business wants to invest in? Startups looking to attract enterprise customers and acquisition should ensure that their offerings are like the later, something that I imagine will be hard for many of them due to a lack of experience working in and with large enterprises.

Coviello closed with a helpful analogy in which he compared cloud computing to the finical system.  Initially, we traded chickens for grain; then we used coins; then we "virtualized" our finances and began using paper money -- an act that places trust on the issuer of the notes; then, we created stocks and bonds to allow us to distribute wealth in a more "elastic" manner.

To make this happen, Charney picked up after him, identity is going to be a fundamental obstacle that we must overcome.  Including wording on his slides, Charney said identity over 25 times in his short address.  Microsoft, all the other speakers, and myself believe that identity is key in the adoption of cloud computing which is the future of all organizations.  To this end, Microsoft just released a public beta of U-Prove, a technology that is built on top of WIF, ADFS, and CardSpace; it provides the least amount of information necessary to conducting one's business online in the cloud.  I've had early access to an alpha of this software and talked to Christian Paquin, one of its creators, last year at RSA.  It is a really compeling technology and the release of the public beta, free use of its crypto, and open source reference code is an important step in overcome the identity barrier.

There's a lot more to see and here today, so I'll post again this evening if I have time.  Keep an eye on my Twitter stream for real-time updates and drop me a line if you have any questions/comments about the keynotes or U-Prove.