Are the Internet's 'Wild West' days near an end?

Microsoft, RSA execs propose centralized authority to ensure security

SAN FRANCISCO — Ensuring trust in an increasingly complex and networked world could require collective defenses with some type of centralized authority, executives from RSA and Microsoft said Tuesday at the opening of the RSA Security Conference.

Art Coviello, executive chairman of RSA, the security division of EMC Corp., introduced the concept of the Cloud Trust Authority, a collaboration between RSA and VMWare, to provide trust and visibility into virtual and cloud environments.

“Virtualization and the cloud will shake the evolution of security dramatically and positively,” Coviello said.

The CTA will be beta tested in the second half of this year with services for identity management and regulatory compliance, he said.

Related coverage:

Cyber war dominates the landscape at RSA conference

What’s missing from cloud security

Scott Charney, Microsoft corporate vice president for trustworthy computing, expanded on an idea he proposed last year for collective defense based on the public health model. It would use digital health certificates to enable access to the Internet or to specific services.

“Collective defense is better than individual defense,” he said.

The public health model could extend from educational efforts to the establishment of national and international organizations to collaborate and enforce standards of security and acceptable behavior.

Such a model would mean the demise of the Internet as an unregulated Wild West environment in which anything goes, Charney said. But this is only an extension of a trend that already has started, he added.

“Governments are back,” and in the United States and elsewhere, governments are accepting a role in the regulation and security of the Internet, he said.

Both Coviello and Charney said security now must be information-based rather than platform- or system-based. Virtualization and the cloud, as well as the adoption of mobile devices, are divorcing information from hardware, and security must follow the information rather than defend a system.

Organizations are moving to the cloud because of business needs, but as the move becomes inevitable, the new technology can be used to improve visibility and control, Coviello said.

Technology to enable the security infrastructure Charney described already exists, and there is a growing alignment between economic needs, political will and social acceptance of new security measures, Charney said. But the increased role of government or some other central authority in regulating access to Internet resources based on the security status of a device still raises eyebrows.

“Government is already getting more involved,” Jeff Jones, Microsoft’s director of trustworthy computing, told Government Computer News. Governments no longer are taking a hands-off approach to the Internet.

Following up on his use of the public health model, Charney likened online computer use to the regulation of smoking. Individuals are allowed to smoke, but public smoking is regulated or prohibited because of the risk to others. In the same way, and unsafe computer connected to the Internet can have an impact on others, so health-based requirements for joining an online community fulfill much the same purpose.

Public acceptance of such a model probably still is some time off, but Jones said, “we felt it is important to engage in this dialogue.”

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • security in the cloud (ShutterStock image)

    Cloud security is the agency’s responsibility

Reader Comments

Wed, Feb 16, 2011 Florida

The private sector has the ability and know-how to build it's own global network apart from guberment, and Microsoft, authority and control. Even if the guberment were to make such rogue networks illegal, say in the name of national security interest, there will always have our Wild West. It's what most people want -- freedom!

Wed, Feb 16, 2011 Den Bock zum Gärtner machen

Centralized authority and Internet security in the hands of Microsoft - what a joke! This company is the biggest security-hole ever, or one could call them - Digital-World Polluter

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group