Today at RSA China, Jing de Jong-Chen (senior director, Trustworthy Computing) delivered a keynote outlining the next steps in Microsoft’s evolved security, privacy and reliability strategies for cloud and big data. Scott Charney’s Trustworthy Computing Next whitepaper highlights several interesting computing trends right now:
The Cloud and Big Data
The proliferation of devices and cloud services has resulted in a massive aggregation of global data, also known as big data. While offering many potential societal benefits, this collection of data poses unique challenges. From a security perspective, big data represents a valuable target for attackers. As the cloud and devices become more integrated with society, people also become increasingly dependent on the reliability and availability of data and services to function. Finally, the massive increase in the amount and types of data available for collection, analysis and dissemination has strained traditional rules to protect privacy.
The Role of Government
The advent of big data has also been challenging for governments. Any transformative technological change that recasts the way people live will engender deeper government engagement. This is because governments’ relationship with the Internet is a complex one. Governments globally are simultaneously users of the Internet and protectors of individual users as well as the Internet itself.
Recognizing this, governments may play an increasingly active role in many aspects of the Internet. Some nations are looking at legislatively mandating the adoption of information risk-management plans for those managing information and computing systems.
Evolving Threat Landscape
While the quality of code has improved and infection rates have declined for products developed under Microsoft’s Security Development Lifecycle, the threat landscape continues to evolve. Opportunistic threats have been supplemented by attacks that are more persistent and, in many cases, far more worrisome. This means that we need to start designing systems not just to prevent attacks and recover from them, but also to detect successful attackers quickly and contain them so that any unauthorized access to data or disruption of services is limited. This new paradigm of protect, detect, contain and recover can serve as a practical foundation for managing risk in the age of globally integrated, device driven and data centric computing.
We encourage you to join the conversation through this blog. You can download the whitepaper in a number of languages: