RSA 2012 is the biggest event in the security calendar. I’m here in San Francisco immersing myself in a buzz of activity and discussion about the latest cyber threats, data breaches, risk management and cloud security. But despite all the hustle and bustle I can’t keep away from my favourite blogs and wanted to share my thoughts on a recent post by @ahaislip on Wired’s Cloudline blog.
Alexander covers a key question facing many IT professionals today: how do I ensure that my data will be secure in the cloud? For me, the key factor here is to be able to ensure that the identity of the user is in fact who they claim to be.
When I meet you in person, unless you have undergone massive reconstructive surgery like [spoiler alert!] Johnny Depp’s character in The Tourist, there is a high level of assurance that you are the person I know. In the digital world we do not have the same amount of information available to us. We need to rely on some other forms of identification to help give us the same level of assurance.
Walking the show floor here, there are numerous examples of technology built to help “protect the cloud”, but until you are able to have a trusted identity, the cloud will not be truly ready for use in the business. So what is the answer? What can we do to solve this issue?
We have to continue to push for strong authentication based upon a verified via a certificate based identity. This has been deployed by the U.S. government throughout the entire Department of Defense. As the world’s largest employer, it had to find a way to validate the identity of their users anywhere in the world connecting to their network. The Common Access Card used by the Department of Defense uses certificate based identity to protect and ensure the identity of all users gaining access to this sensitive network.
As businesses move to the cloud, I think this is a great example of how we can ensure the identity of all users. But this cannot happen overnight. While the security industry (and those who market it) may come in for criticism over perceived scaremongering, I believe that there is a real need to keep looking for solutions that can help bring about the promise of a secure cloud for all.