This rather arresting phrase is actually a direct quote from a presentation at the annual RSA Security event by Whitfield Diffie, one of the security industry’s best-known veterans.

Security is a difficult topic at the best of times, and right now it’s facing a whole new generation of challenges associated with the shift towards clouds and Bring Your Own Devices. The problem(s), as identified by a variety of industry experts, can be found in a summary of memorable statements from the event, and that’s where the above quote appears.

However, there were two topics that caught my eye at the event and promise to deliver some answers. The first and simpler one was the focus on coping with ‘bring your own device’, which is now a fact of life in many enterprises and can’t simply be cured by the IT department saying no.

John Stewart, Chief Security Officer at Cisco, summed up the issue of senior managers adopting tablets themselves and allowing staff to do the same with the statement, ‘I find out what they said yes to after they’ve said yes’. John has a useful blog on security issues and approaches, but the topic of securing mobile devices was covered by many vendors in addition to Cisco.

For a reasonable briefing on what exactly the issues are, and what the first requirement is on the basis of that definition, a good starting point is Bradford Networks’ downloadable white paper on developing a secure BYOD strategy.

There were a lot of products for Android announced because it’s ‘open’ enough for the security product vendors to get to grips with it, but the real challenge is Apple iOS which is kept as a closed OS.

McAfee introduced new tools for BYOD, the EMM 10, which included some controls for Apple smartphones and tablets around how corporate emails could be prevented from being forwarded – a basic risk. As this is still a tricky area to deploy and get the intended results, McAfee have a community to discuss issues, problems and solutions that make this kind of leading-edge implementation a little easier. You will have to register, but hey, that’s security, isn’t it!

The second topic was acknowledging that we are developing and deploying in a new environment with the cloud. And there needs to be a real effort beyond the worthy but slow efforts of the security standards industry to do something.

Microsoft’s Craig Mundie announced that they were kicking off Trustworthy Computing Next, TwC. On the homepage you can download an excellent white paper on the initiative that defines the new environment, the issues it brings and the needs that have to be addressed. There is also a companion blog site and the chance to give feedback. And it is worth remembering that ten years ago the original Trustworthy Computing initiative did become something of a milestone in the importance of security in all parts of ‘computing’.

But what didn’t seem to get discussed and answered? Answer: privacy. But then is that a product issue or a service-operator issue? I suspect it’s more the latter, but at least the actions of Google in changing their privacy policy have led to the topic getting more of an airing recently!