Thursday 7 May 2009

Trust and ‘Rock Stars’: Reflections on security gigs

It is now a full week after the close of the InfoSecurity 2009 show, which followed the RSA 2009 conference. Secerno was in attendance at both of these events and I was busy giving presentations, panel appearances, analyst meetings and press interviews.
My observations from these events are:
  • Public awareness of IT Security Issues continues to grow and this is powering the underlying confidence that seems to be around in the IT Security Industry.
  • Messages relating to compliance and data governance adorned many stands as a sign of where customers have budgets. Let’s hope that in years to come the messages are about security life-cycle technologies to improve the quality and run-time safety of our software-based infrastructure.
  • Cloud computing is a hot topic. Some commentators view it as something presenting new opportunities/challenges whilst others are simply “bored” with it already (see below).

I was in the intimate audience at BT’s stand (offering a range of security products and tools) when their Chief Security Technology Officer Bruce Schneier gave his presentation. He was commenting on Cloud and, having said on a panel at RSA that he was “bored” about it, he could not see what the distinction was between cloud and existing outsourcing models. His view was that it all comes down to “trust”. There is the challenge of how one establishes trust and what levels of due diligence firms already do with their outsourcers, and how to go about this in the cloud environment.

Bruce drew analogies between service provision and contract law, and suggested that the future of (data) security revolved around a legal framework. I challenged him on “Legislation being the answer” and he replied that it was a necessary piece, but not the whole answer. In his view, the security risk for an organization is controlled via a magical “graphic equalizer” with many “sliders” to adjust. The organization needs to fiddle the sliders to produce a profile that they are comfortable with.

After his presentation, BT were giving out copies of Bruce’s new book Schneier on Security, and the audience diligently lined up to have their copy signed. The dust jacket of his book has on the front “The closest the security industry has to a Rock Star”. Now there is a rock-star whose voice we should trust.