CTO Blog

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

RSA 2012: Security – we move from failure to failure

This rather arresting phrase is a direct quote from a presentation at the annual RSA Security event by Whitfield Diffie, one of the security industry’s best-known veterans.

Security is a difficult topic at the best of times, and right now it’s facing a whole new generation of challenges associated with the shift towards clouds and Bring Your Own Devices. A variety of experts set out to identify the problem(s); their views can be found in a summary of memorable statements by industry experts at the event, and that’s where the above quote appears.

However, there were two topics that caught my eye at the event and that promise to deliver some answers. The first and simpler one was the focus on coping with the reality that ‘bring your own device’ is now a fact of life in many enterprises and can’t simply be cured by the IT department saying no.

John Stewart, Chief Security Officer at Cisco, summed up the issue of senior managers adopting tablets themselves and allowing staff to do the same with the statement, ‘I find out what they said yes to after they’ve said yes’. John has a useful blog on security issues and approaches, but the topic of securing mobile devices was covered by many vendors in addition to Cisco.

For a reasonable briefing on exactly what the issues are, and on what the first requirement is on the basis of that definition, a good starting point is Bradford Networks’ downloadable white paper on developing a secure BYOD strategy.

A lot of products were announced for Android because it’s ‘open’ enough for the security product vendors to get to grips with it, but the real challenge is Apple iOS, which is kept as a closed OS.

McAfee introduced new tools for BYOD, the EMM 10, which included some controls for Apple smartphones and tablets around how corporate emails could be prevented from being forwarded, a basic risk. As this is still a tricky area to deploy and get the intended results, McAfee have a community to discuss issues, problems and solutions that make this kind of leading-edge implementation a little easier. You will have to register, but hey, that’s security, isn’t it!

The second topic was acknowledging that we are developing and deploying in a new environment with the cloud. And there needs to be a real effort beyond the worthy but slow efforts of the security standards industry to do something.

Microsoft’s Craig Mundie announced that they were kicking off Trustworthy Computing Next, TwC. On the homepage you can download an excellent white paper on the initiative that defines the new environment and the issues it brings, as well as the needs that must be addressed. There is also a companion blog site and the chance to give feedback. And it is worth remembering that ten years ago the original Trustworthy Computing initiative did become something of a milestone in the importance of security in all parts of ‘computing’.

But what didn’t seem to get discussed and answered? Answer: privacy. But then is that a product issue or a service-operator issue? I suspect it’s more the latter, but at least the actions of Google in changing their privacy policy have led to the topic getting more of an airing recently!

About the author

Andy Mulholland
Capgemini Global Chief Technology Officer until his retirement in 2012, Andy was a member of the Capgemini Group management board and advised on all aspects of technology-driven market changes, together with being a member of the Policy Board for the British Computer Society. Andy is the author of many white papers, and the co-author of three books that have charted the current changes in technology and its use by business, starting in 2006 with ‘Mashup Corporations’, detailing how enterprises could make use of Web 2.0 to develop new go-to-market propositions. This was followed in May 2008 by ‘Mesh Collaboration’, focussing on the impact of Web 2.0 on the enterprise front office and its working techniques, then in 2010 by ‘Enterprise Cloud Computing: A Strategy Guide for Business and Technology leaders’, co-authored with well-known academic Peter Fingar and one of the leading authorities on business process, John Pyke. The book describes the wider business implications of Cloud Computing with the promise of on-demand business innovation. It looks at how businesses trade differently on the web using mash-ups but also the challenges in managing more frequent change through social tools, and what happens when cloud comes into play in fully fledged operations. Andy was voted one of the top 25 most influential CTOs in the world in 2009 by InfoWorld and is grateful to readers of Computing Weekly who voted the Capgemini CTOblog the best Blog for Business Managers and CIOs each year for the last three years.
