Keynote 1 – Big Data; Threat or Opportunity?
Philippe Courtot, Chairman Qualys Inc.
Big data is everywhere, not just at Facebook, Google and CERN. It ranges from the police, with cameras constantly taking photos of license plates, to log data from corporate systems and web sites. Many companies now have to deal with, or plan to deal with, big data in order to understand their systems, their customers, and their users.
What is driving this for ‘ordinary’ organisations?
– Increasingly complex and virtualised IT infrastructures
– Workload mobility
– Bring your own device / computer
– Cloud computing
All require increasing amounts of data to be collected and aggregated in order for an organisation to understand and ensure compliance of their environments.
Cloud computing is both aiding this, by making the storage and compute power available to any business that has to deal with big data, and driving this through its scale and its virtual, always-on nature.
How do we ensure the security and understanding of these complex environments? We must build security into the overall cloud and application architecture. Realise that the cloud has multiple ‘flavours’, from IaaS to SaaS, and these are not all the same from a design and architecture perspective. Stop talking and thinking about the cloud as just ‘the cloud’.
From an infrastructure perspective, cloud data centres are fractal: you need to understand what your assets are, but also realise that many are the same, for example storage and compute. You can monitor all your compute nodes with the same method. Monitoring needs to be in real time and to have analysis and intelligence built in.
If you are running web applications you need to understand how many you have, where they are and how they are being used. You need to look at hardening and understanding this perimeter, and correlate logs across these environments. How do we manage code issues and potential exploits and varying methods of authentication? Your developers are working on new code and functionality, and your support staff may not have enough code experience. Do we need a new breed of operations support with reasonably in-depth coding abilities?
Was Philippe referring to DevOps here? This is newish, but not a new idea; many organisations are already using or setting up DevOps teams with the skill sets that were talked about.
Mobile devices are also driving both big data and management challenges for organisations. We need to ensure they are all monitored and managed: Single Sign-On, Privacy, Corporate policies. How do we do this for 100s / 1000s / 1000000s of thin devices that cannot have very thick applications installed on them? Cloud-based services for both device management and aggregation of the collected data can provide these solutions and scale as required.
How do we ensure security remains ‘front and centre’ as we move to the cloud and scale up? Many existing enterprise point solutions do not scale enough or integrate well enough with the cloud. This is being solved by providing managed security services from the cloud; Security as a Service (SecaaS). Obviously blowing my own trumpet here, but this neatly links to my research with the Cloud Security Alliance on SecaaS!
For me the key message of this talk is that real-time ‘Big Data’ is a key element of tomorrow’s security. We need to understand the implications of this and plan our security strategy to take advantage of this and the insight it will bring.
Keynote 2 – The struggle for control of the internet
Misha Glenny – Author and Journalist
Control of the internet focusses on the debate between security and privacy vs. demand for freedom. The US identifies four areas that need to be managed and prevented: Crime, Hacktivism, Warfare, and Terrorism.
How do we balance the need for people to have freedom with the needs for safety and protection online? Is the internet morally neutral?
Crime (cybercrime) quickly took advantage of the internet, from card detail sales sites such as Carderplanet and DarkMarket. Carderplanet was set up >11 years ago. Both these sites have since been taken down, but they paved the way for much more sophisticated criminal organisations.
Criminals now spend a lot of time watching organisations like SOCA and the FBI in order to understand them and anticipate their next moves. So while those trying to catch the criminals are watching them, they in turn are being watched! Hackers have accessed private police files to monitor current investigations and delete intelligence records etc.
There have actually been worldwide ‘carder’ and other criminal activity conferences. For example, Carderplanet organised the first worldwide carder conference in 2002. The invite to this conference also alluded to the fact that Carderplanet had a deal with the FSB (Russian secret service): the FSB would not interfere with their ‘work’ as long as they did not attack financial institutions, and if they would perform attacks on behalf of the Russian government / secret service as required.
The lines between government spies and criminals are becoming increasingly blurred.
Currently the UK secret service (MI6 / MI5) is dealing with ~500 targeted attacks every day. This is up from ~4 per year 10 years ago! The international spend in the west on cyber security is currently around $100 Billion per year. This is set to double over the next few years.
The west wants to work with China and Russia to improve the situation; however they want to be allowed to manage the web within their borders in any way they like if they are to cooperate. This obviously has issues with preventing freedom of speech.
Will the Web break down into massive intranets? Iran has already stated its intent to disconnect itself from the Web and set up just such an internal intranet. China and Russia want to control and largely segregate their internal users from the rest of the Web.
We need original thinking to resolve these issues!