Are the Internet's 'Wild West' days near an end?
Microsoft, RSA execs propose centralized authority to ensure security
- By William Jackson
- Feb 15, 2011
SAN FRANCISCO — Ensuring trust in an increasingly complex and networked world could require collective defenses with some type of centralized authority, executives from RSA and Microsoft said Tuesday at the opening of the RSA Security Conference.
Art Coviello, executive chairman of RSA, the security division of EMC Corp., introduced the concept of the Cloud Trust Authority, a collaboration between RSA and VMware, to provide trust and visibility into virtual and cloud environments.
“Virtualization and the cloud will shake the evolution of security dramatically and positively,” Coviello said.
The CTA will be beta tested in the second half of this year with services for identity management and regulatory compliance, he said.
Scott Charney, Microsoft corporate vice president for trustworthy computing, expanded on an idea he proposed last year for collective defense based on the public health model. It would use digital health certificates to enable access to the Internet or to specific services.
“Collective defense is better than individual defense,” he said.
The public health model could extend from educational efforts to the establishment of national and international organizations to collaborate and enforce standards of security and acceptable behavior.
Such a model would mean the demise of the Internet as an unregulated Wild West environment in which anything goes, Charney said. But this is only an extension of a trend that already has started, he added.
“Governments are back,” and in the United States and elsewhere, governments are accepting a role in the regulation and security of the Internet, he said.
Both Coviello and Charney said security now must be information-based rather than platform- or system-based. Virtualization and the cloud, as well as the adoption of mobile devices, are divorcing information from hardware, and security must follow the information rather than defend a system.
Organizations are moving to the cloud because of business needs, but as the move becomes inevitable, the new technology can be used to improve visibility and control, Coviello said.
Technology to enable the security infrastructure Charney described already exists, and there is a growing alignment between economic needs, political will and social acceptance of new security measures, Charney said. But the increased role of government or some other central authority in regulating access to Internet resources based on the security status of a device still raises eyebrows.
“Government is already getting more involved,” Jeff Jones, Microsoft’s director of trustworthy computing, told Government Computer News. Governments no longer are taking a hands-off approach to the Internet.
Following up on his use of the public health model, Charney likened online computer use to the regulation of smoking. Individuals are allowed to smoke, but public smoking is regulated or prohibited because of the risk to others. In the same way, an unsafe computer connected to the Internet can have an impact on others, so health-based requirements for joining an online community fulfill much the same purpose.
Public acceptance of such a model probably still is some time off, but Jones said, “we felt it is important to engage in this dialogue.”