Some insight on RSA 2016
We just came back from an exhilarating five days at the RSA 2016 Conference in sunny, beautiful San Francisco, California. While there, we heard some of the most recent news in the information security industry. We also heard from thought leaders on such diverse subjects as the right to encryption, the relationship between privacy and government, and the possible evolution of software defined security practices.
In short, it was a whirlwind of exciting information, and we barely had time to sit down. Thanks to the breather we got in the past few days, we can finally distill what we learned in order to offer the most important knowledge tidbits for our readers.
Apple’s fight with the FBI was on the tip of everyone’s tongue
Not one to usually take on “trending” news topics, some of the conference’s top panelists nevertheless dissected and discussed nearly every angle possible in the litigation battle between the FBI and Apple. It makes for the perfect test case as privacy/data protection issues come into public view and butt up against long-assumed “truths.”
Central to the discussion was the U.S. Attorney General’s assertion that tech companies should have solutions in place that can allow law enforcement unmitigated access without compromising data security. Apple presented the natural trade-off that must occur when honoring such demands, and most of the tech industry seemed to agree that developing “cops only” backdoors would quickly invite unwanted abusers and hackers.
As the policy lines are hashed out in court, the FBI potentially leaves the issue in the laps of Congress to dictate how device manufacturers should move forward in the future.
Software defined security as a new game changer
As hardware-based security solutions become more limiting, and data becomes less-tied to physical storage locations, software defined security (SDS) could soon uproot security practices as we know them. Cloud-based systems in particular benefit from virtualized security deployments.
SDS provides the next-level of security by going beyond pattern matching and detection of known threats. The behavior of hardware devices themselves can be monitored and controlled. For instance, a connected HVAC system suspiciously accessing gigabytes of data on unrelated servers could quickly be isolated without having to designate hardware gateways or rigid security rule sets and permissions. This VM-based security approach lends flexibility and scalability while mitigating the risks of compromised hardware.
Preventing hardware compromises for good
Speaking of compromised hardware, UNICOM Engineering and Intel presented at RSA to reveal the next step in security and minimizing threats: Intel’s Transparent Supply Chain Initiative. This program allows for strict hardware sourcing and documentation while providing the authentication protocols needed to prevent firmware-based intrusions from spreading.
Together with Intel technologists, we spoke at length about where the upstart project could soon lead. We could summarize it here, but interested readers can get a better rundown of the topic by reading our new white paper on the Transparent Supply Chain. You can download your complimentary copy by clicking below.