Joy Macknight in San Jose
To move to a frictionless internet world that would not slow down ecommerce, a model of trusted identity that is scalable and reliable needs to be created, said Art Coviello, chief executive and president of RSA Security. Speaking at RSA’s 15th Conference, Coviello proposed pseudonymity, a model that sits in the middle between anonymity and absolute identity.
Opening the conference in San Jose, which was attended by more than 14,000 security specialists, Microsoft’s Bill Gates listed four key things that the security industry needs in order to move forward: a “trust ecosystem”; to engineer for security; to simplify the landscape; and a fundamentally secure platform.
Gates said that Microsoft’s vision of the future was a unified industry coming together to collaborate on technology innovations. He also made the point that the landscape was evolving from financially motivated attacks towards the future where the attacks would have more a specific target, for example technically oriented social engineering attacks, and that the “dreams can be realised if we build a secure infrastructure”. The steps that Microsoft is taking towards this dream were not expanded upon beyond a few new product releases.
Many of the keynote and session speakers repeatedly came back to trust and consumer confidence as two main issues confronting the security industry. Mark Lynd, global chief technology office and vice president of technology at Hudson Advisors, an international asset management firm, identified another: “I think the thread running through the conference is that the products out there need to do a bit of catch up to beat the bad guys. Today there is zero-day exploits and compliance is becoming more complex. Most organisations need to have due care responsibility and comply with their own policies, but financial institutions have to do much more than that because of the razor thin profit margin.”
ID protection and authentication was another hot topic for the financial services industry because of the commercial cost of ID theft. In a keynote roundtable entitled “The controversial cure-all National ID Systems”, the potential benefits of such a scheme was debated. The major concern voiced by all participants was the inherent risk in putting all personal data into one data warehouse which would become a bigger target than the data silos that exist today. James Lewis, senior fellow and director, Technology and Public Policy Program, Centre for Strategic and International Studies, said that getting a national ID system off the ground would see long term benefits, such as moving out of the paper world.
A more down-to-earth approach was taken by Scott McNealy, chairman and chief executive of Sun Microsystems, who reminded the conference participants of something that they are only too aware of — that security issues make headline news. The reason that most participants were there, he said, was to “keep their bosses or themselves out of the headlines”.