The end of dark ages of security (RSA Conference 2015)

Posted on 23 April 2015 in Digital Agreement

It could be a turning point in cybersecurity.
Amit Yoran, the new Chairman of RSA, said three important things in his beautiful keynote yesterday, April 21, 2015. Still not available on video but the transcript
1) We are losing the battle against hackers: the high/strong firewall does not work. In 95% of cases firewalls and security gates are bypassed using authentic credentials stolen through social engineering attacks. Armored IT doors and walls are built, surrounded by deep IT moats full of IT crocodiles, as in the Middle Ages. But the enemy enters through the front door and is already everywhere inside the IT walls. We need to design security solutions that take this state of affairs into account: the military maps we use to define information security are out of date and do not describe the battlefield anymore (if they ever did…). There are two possible pillars of redemption today: digital identity/authentication and functional correlation of data and IT channels.
2) Digital Identity/Authentication. You must have a definition of digital identity that is reliable but also truthful. The easy part is “reliable”: encryption solves 99.99% of the problems. The hard part is the “truthfulness” of identity or identification. A number or a cryptographic key is not an identity: it is a means of identification. It’s a huge, but little understood, difference. The problem of “truthfulness” of identity/identification is not a technological problem; it is a linguistic, cultural and ultimately legal issue.
3) Functional correlation of data and IT channels. It means that the security of tomorrow will look a lot less like the defense plan of a city under siege, and much more like traffic laws and regulations, which establish where pedestrians can walk, where cars and trucks can drive and how, with all the additional rules on speed, security checks, etc.

