Wave Systems Corp. (fka WAVXQ)

[awk]

Wave blog: Microsoft’s Scott Charney Declares Trustworthy Computing at “Inflection Point” in RSA Keynote

Mr. Arnone is an independent security writer who will be blogging live from RSA Conference 2012. Look for his Security Matters posts all week as he gives an on-site view of conference sessions, exhibit highlights, and this year’s hot debates.

http://blog.wave.com/arnone/microsoft%e2%80%99s-scott-charney-declares-trustworthy-computing-at-%e2%80%9cinflection-point%e2%80%9d-in-rsa-keynote

The RSA 2012 Conference yesterday opened its first official day with its customary fanfare: a Hollywood-worthy short movie followed by Bollywood-style production number, complete with a gospel choir singing the Rolling Stones’ “You Can’t Always Get What You Want” with the lyrics changed to mention identity protection and big data. RSA’s executive chairman Art Coviello took the stage and homed in on the opening song’s refrain: “You can’t always get what you want, but if you try sometimes, you just might find you get what you need.” He praised the wisdom of the lyrics for the IT security industry, which hasn’t yet achieved a world without risk but has provided protection necessary for the Internet to prosper worldwide.

The morning’s second keynote built off these themes. Scott Charney, Corporate Vice President of Microsoft’s Trustworthy Computing group, ran down the laundry list of security measures Microsoft has undertaken since Bill Gates’s historic 2002 memo launching the company’s Trustworthy Computing initiative, from Windows Server 2003 to Windows 7. He included Windows 8 measures as well: SecureBoot; UEFI ; remote attestation to know the machine boots the right way; and Dynamic Access Control. All of these efforts, he said, were to create a trusted end-to-end stack of people, data, software and hardware – with all of it rooting trust in hardware.

Both men noted, however, that mobility, consumerization of IT, cloud computing and other factors are exacerbating risks faster than governments and enterprises following current security models can keep up. Coviello said organizations need predictive and preemptive multi-source counterintelligence that sifts through massive amounts of data to detect faint signals of stealth attacks. In short, IT security is soon approaching not being able to provide what people need, let alone what they want.

“We’re at an inflection point again,” Charney said. “The role of IT has changed. A relentless focus on Trustworthy Computing has never been more important.” Coviello called on the audience to “realize perimeter-based defenses and signature-based technologies are past their freshness dates.”

The speakers called for risk-based approaches that leverage high-speed big data analytics to provide real-time situational awareness and actionable information. IT systems would have scaleable, intelligent, automated controls that recognize anomalous behavior. These steps couldn’t stop all attacks but could put the balance of control firmly back into hands of security practitioners, Coviello said.

Microsoft’s proposed solution, TwC Next, recommends organizations move from a two-pronged IT security strategy (prevention, response) to a four-pronged one (prevention, detection, containment, recovery). Metadata underpins the program’s many proposed improvements, including remote attestation of user identity and machine health states, as well as application and data provenance.

Everything Coviello and Charney talked about – big data analytics, visibility, transparency, control, all of it – relies on known devices and users. Known devices and users not only make all the data and metadata reliable for big data analytics, they also decrease the amount of information IT security systems must analyze by preventing a lot of attacks in the first place.

Acknowledging his own company’s breach last year, Coviello said, “In our interconnected world, an attack on one of us is an attack on all of us.” With the solutions above, he added, “Knowledge gained by any one of us can become power for all of us.”