Are we heading to a day of reckoning, where the forces of cyber crime overwhelm and erase the good things that information technology delivers? If we head down our current path of incremental, individualized approaches to cyber security, the answer is “Yes.” But I’m enough of an optimist to think that if the IT and security geeks and wonks of the world can unite, share information, work hard, and not worry about who gets the credit, we stand a fighting chance.
The RSA Conference is expected to be bigger and better than ever this year—more booths, more vendors, more technical sessions and keynotes.
But I have to ask the question: “Are we as IT practitioners better off now than we were 4 or 5 years ago?” There are a lot of people at the show who worry that the old approaches aren’t working and next generation solutions have not clearly come into focus. I do think, however, there are reasons to be cautiously optimistic.
Join me for a live broadcast from the RSA show floor on Wednesday, February 27 at 10:30 AM PT as I discuss what I’m seeing at the RSA conference and what it means for the IT Security industry. We’ll be taking your questions live via Twitter and Google Hangouts.
“Think globally, act locally” is a phrase that has become a cliché because it expresses an incontrovertible and immediately graspable truth. The global-local concept applies when it comes to mobilizing globally collected cyber threat data, which in turn informs local IT operations against hackers and criminals. Of note, data collections spanning the globe don’t appear magically out of the blue, nor can they be engineered by just “anybody.” This crowd-sourced data must come from IT operations across the world to be collected, analyzed, and acted on. It’s a 24-hour cycle requiring the collective actions of organizations contributing to a mutually beneficial result. I have more to say about this in a video blog post on YouTube.
A month from now, thousands of cyber security friends, colleagues, professionals, hackers, defenders, sellers, buyers, old timers, and newbies will descend on San Francisco for the 2013 RSA Conference. We will challenge one another about what has changed, create new topics and new words to describe the previously indefinable, scare the heck out of each other, and ask the same questions…often: “What’s changed in the last year? Is it better? Is it worse? Is it new?”
“Security in Knowledge” is an apt theme for this year’s RSA. It resonates with me, given my very strong opinions that no company can effectively manage cyber security alone, either people-wise or data- and information-wise. Can any organization analyze 13 billion web requests per day? 150 million endpoints? A daily deluge of 75 terabytes of incoming data? You can’t cope with that yourself. We need to move to crowd-sourcing security, creating security knowledge, and ultimately increasing effectiveness rather than watching the ship continue to take on water at intermittently slowed rates.
More and more, we ask technology to play critical roles in our businesses and our lives. That dependence (as opposed to mere use) requires careful thought about how much we trust that the technology is working as we want it, only as we want it, and nothing more. For many businesses or governments, testing via FIPS or Common Criteria increases that confidence level, combined with detailed operational plans to ensure that the services run correctly after they are installed. For many technology vendors, innovation and commitment can help here.
Our commitment to trustworthiness at Cisco, and our innovation in support of it, have never been stronger than they are today. Nearly 5 years ago, we started down a road which ultimately led to Cisco’s Secure Development Lifecycle (CSDL), and in our most recent FY12 SEC 10-K we acknowledged that work, our secure supply chain work, and our innovation efforts for Secure Boot and Anti-Tamper. For reference, that 10-K, or 2012 Annual Report, is posted here: http://investor.cisco.com/
We foresaw the need for trustworthiness by listening to our customers, and we started early. Early results are in: we’ve both reduced externally found security flaws and increased the anti-tamper resiliency of multiple products. Have we done it on every product? Not yet, although rest assured, that’s exactly where we are going. I’ll keep you posted.