RSA 2013 ends and I both miss it and breathe a sigh of relief that it’s over. Let me explain. As a security guy, it’s nice to be around other security like-minded people. We all speak the language. You needn’t really justify why you are worried about things most people have never heard of. It’s exciting to see so many people try so many different things, be it startups, big companies, or inspired individuals. It’s great to see government employees, corporate executives, and pony-tailed security geeks all talking to one another. In a slightly strange way, it’s therapeutic.
That said, RSA is an incredibly intense week, and this year’s conference was no exception. In four-and-a-half full days (and this is just my schedule), I had:
Eight customer meetings
Eight dinners (working out to 1.78 dinners per day.)
Four press interviews: two on-record, one background, 1 live videocast via Google+
Four bizdev/company review meetings
Two analyst interviews
Two partner meetings
One customer breakfast talk along with with Chris Young
And this doesn’t include the countless run-ins with friends, a quick word here or there, and emails that all have to be managed along the way. In some respects, you don’t get enough time with really good friends (if there really is such a thing as enough time for such people in our lives), and in the end, it’s a huge blur from meeting to meeting.
I posed a question in my blog earlier this year: Are we making progress in cyber security? I say yes, yet not nearly enough, and now I am thinking hard about how to change it before RSA 2014.
Last week at the RSA Conference in San Francisco, I had the pleasure of speaking to thousands of security professionals about the opportunities and risks associated with using Software Defined Networking (SDN) for security, which will be the underlying fabric of our next generation data centers and networks. SDN-enabled security will provide a better way to secure our most valuable applications, users and data, now and in the future.
Each vendor has a different definition of how the network is changing, and there are many different terms being used, such as software defined data center and software defined storage. Cisco calls this Application Centric Networking, for example, because we are introducing programmable APIs with a focus on distributed control plane intelligence so that applications can get value directly from the network.
It’s obvious why the networking industry is embracing SDN: lower operational costs and the ability to deploy applications and network services in a quicker, more scalable manner. Cloud bursting, which is about flexible compute in the cloud, is another SDN benefit that gives us the ability for applications to interact directly with the network in ways that do not happen today. For example, applications will be able to query the network for location of users to manage Quality of Service and deliver highly targeted content.
So why should the security industry care about SDN? As the threat landscape evolves, the opportunity is to make Security a key application for SDN. We can use SDN to build a Network-based Threat Defense System. I see three key elements to this system:
Security and its integration with social media continues to be a topic of conversation amongst my colleagues in Security Intelligence Operations. We observe how “being connected” has become an integral part of many lives around the world: each voice has an opportunity to be heard, provided those voices are given unfettered access to the Internet. It’s somewhat like an electronic ecosystem of democracy. And like a democracy, the results of those voices participating in a global conversation are not always well understood or appreciated. I believe that this is due in part to those conversations being filtered through two unavoidable lenses: national borders and culture. Jean Gordon Kocienda provides an excellent analysis on the challenges faced by nation states. In this post, I’d like to offer up some thoughts on the cultural implications of the global conversations taking place in social media.
I have a keen interest in the Latin American region because several of my closest friends and my respected colleagues are from this region. Also, internal market forces and global demand are accelerating the rate of data center projects, further heightening my interest. Last year, I visited the region where I got to see data center build outs and realized the extent of the “greenfield” opportunity. I very recently got acquainted with Daniel Garcia, a 12-year Cisco veteran and Security Specialist sales engineer covering the Latin American region. I found his insights most valuable and different to what I usually hear.
For Daniel the greatest difference between the Latin American Region and other regions is the number of Greenfield data center projects. But Daniel finds that many customers are looking for “cookie cutter” solutions that they implement into their environments without much customizing. This was something I hadn’t heard before but which makes excellent sense. The reason for this approach is that many customers lack in-house IT expertise and require proven solutions. The benefits of this approach mean less risk, less cost and with any validated solutions, far less time in production and testing. The downside is that each organization has distinct needs according to their business line and size, and their risk tolerance will vary. Daniel works with his customers to tweak data center reference architectures to provide customers with a tailored and secure data center environment. Read More »
We’ve invested considerable time, effort, and money in the effort to make Cisco products robust enough for deployment as Trustworthy Systems, either in their own right or integrated into a complete solution. At its essence, attaining trustworthiness is a matter of discipline—a series of conscious actions to build products in the right way, certify their conformity to prevailing industry and customer-required standards, and keep a careful watch on the integrity of the product supply chain, from initial product concept through their integration and operation over a solution lifecycle. But the most important attribute of a trustworthy system is vendor transparency. I define this as a customer’s ability to ask a vendor any question and to receive a complete, honest answer in return.
I have more to say on this subject in a video blog. I also invite you to view the Trustworthy Systems page on Cisco.com and download the newly published Cisco Trustworthy Systems White Paper.