Last week I attended the ICCC in Paris where Ashit Vora, Manager, Security Assurance, Cisco discussed the Cloud and how Common Criteria can be used to help mitigate threats. The following is an excerpt from his presentation and food for thought on Cloud security.
More and more enterprises, including governments are moving their data “to the Cloud” in the hopes of saving infrastructure and maintenance costs. But is this at the risk of security? As both private and public Clouds become pervasive, security is going to be a major concern. Cloud infrastructure by definition has large amounts of information including proprietary information, competitive information, information of different classification levels, etc. In addition, the types of mechanism available to access the information in the Cloud, such as B.Y.O.D. (Bring Your Own Device), are increasing day by day. If the proper security mechanisms are not in place and validated, it could prove to be damaging to all users of the Cloud.
Alicia Squires, Common Criteria Users Forum (CCUF) Chair, and Cisco Certifications Engineer, CC Users Forum press conference reviews the mission of the CCUF and the benefits of Common Criteria at the 13th Annual International Common Criteria Conference, held in Paris September 18-20, 2012.
The Common Criteria User Forum mission is to provide a voice and communications channel amongst the CC community including the vendors, consultants, testing laboratories, Common Criteria organizational committees, national schemes, policy makers, and other interested parties.
When police chiefs, international community policing leaders, and technology all come together, you get innovative solutions that make the world a safe place. With that said, I’m really excited that in a very short time period, I’ll be headed to San Diego for IACP 2012, which is the 119th Annual International Association of Chiefs of Police Conference and Law Enforcement Education and Technology Exposition. This event runs from September 29 to October 3 and will showcase technology and bring together global leadership in community policing from around the world to share information and experiences and to work together to find solutions to issues they are facing as a community.
Check out the IACP video below featuring Police Chief William Lansdowne of the San Diego Police Department.
Cisco’s early adoption and implementation of Next Generation Encryption (NGE) is paving the way for the next decade of cryptographic security. NGE provides a complete algorithm suite, comprised of authenticated encryption, digital signatures, key establishment and cryptographic hashing. These components provide high levels of security and scalability, aimed at setting the standard for the next 10 years of encryption.
The next generation of encryption technologies meets the evolving needs of agencies and enterprises by utilizing modern, but well reviewed and tested cryptographic algorithms and protocols. As an example, Elliptic Curve Cryptography (ECC) is used in place of the more traditional Rivest-Shamir-Adleman (RSA) algorithms. By upgrading these algorithms, NGE cryptography prevents hackers from having a single low-point in the system to exploit and efficiently scales to high data rates, while providing all of the security of the Advanced Encryption Standard (AES) cipher
As computing power exponentially increases over time, according to Moore’s Law, attackers have access to more powerful tools to crack encryption keys. However, NGE is capable of staying ahead of this curve by improving security and robustness of Cisco’s already market leading trusted solutions to meet emerging global standards into the future.
Check out the video below to learn more about NGE: