SAN FRANCISCO â€" Microsoft's top security executive used his RSA Conference 2012 keynote to ascertain the past and way forward for Trustworthy Computing, the hazards of huge data inside the cloud and ideas that may in the future better secure that data.
Scott Charney, Microsoft's corporate vp of Trustworthy Computing, took benefit of the chance to notice the ten-year anniversary because the famous Bill Gates memo that began the software giant's systemic effort to include security into all its products and processes.
He lauded Trustworthy Computing's success in driving down the variety of vulnerabilities in Microsoft software, reducing the choice of exploitable vulnerabilities and creating enhanced end-to-end trust mechanisms on the web, but noted that continued progress is critical because software vulnerabilities can never be completely eliminated.
To that end, he referenced new security technologies incorporated into past versions of Windows -- including the NEAT (necessary, explainable, actionable and testable) threat communications concept and Bitlocker To move built into Windows 7 -- and emerging technologies with a view to be built into the impending Windows 8 OS, including support for the hardened UEFI BIOS standard, a trusted boot mechanism that loads antimalware early within the process, and Dynamic Access Control.
Yet Charney spent the majority of his time expressing concern over the significant scenarios during which big data is finding its way into the cloud. He specifically mentioned geolocation data and the way it's key to benefiting from innovative and helpful Internet services via mobile devices.
He referenced a project within which Microsoft used cloud-based analysis to assist a doctor identify trends to decide why some patients were returning for treatment within 30 days, with the analysis identifying a pandemic affecting patients staying in a selected hospital room. The processing power that may be applied to important data in a cloud environment, Charney said, can identify a trend like that, which might otherwise go unnoticed.
However, Charney said there are dangerous big data privacy implications that arise from tracking where persons are at virtually all times. Perhaps most concerning, he said, are the questions surrounding whether the govt. must be in a position to access data about somebody if that data resides inside the cloud.
Charney said legal precedent established that an individual's Fourth Amendment rights don't apply if an individual willingly provides information to a 3rd party, however the recent Supreme Court ruling in U.S. vs. Jones â€" that it's illegal to make use of a GPS device to trace someone's whereabouts without first obtaining a warrant â€" suggest the necessity to rethink that conclusion, especially in an international where persons are increasingly surrendering personal data to the cloud.
Charney advocated for a system wherein cloud data is linked to metadata that expresses attributes concerning the data, dictating the way it ought to be treated, used and at last destroyed. He espoused the advantages of a system wherein cloud data may be tagged with metadata instructing the cloud provider to destroy it on a undeniable date so those that prefer to utilize cloud services may have more control over.
Attendees, however, expressed skepticism regarding whether Charney's concepts could ever come to fruition. Jeremy Ehiert with DigitalGlobe in Longmont, Colo., questioned how this type of paradigm can be enforced to compel service providers to regard data because the data provider intended, let alone modify the metadata.
Attendee Adam Hovak with ITT Exelis in Virginia said most data doesn't have that level metadata detail linked to it, and the exponential growth of information existing in cloud environments will only make it harder to create this sort of system.
View all of our RSA 2012 Conference coverage.
Nessun commento:
Posta un commento
Comments links could be nofollow free