Earlier this year at RSA USA, Scott Charney published the Trustworthy Computing Next whitepaper and started a conversation about current and emerging computing trends with regard to the cloud and Big Data, the role of Government and the evolving threat landscape that over time continues to grow more sophisticated and increasingly complex.
In the ten years since Microsoft announced the Trustworthy Computing (TwC) initiative, much has changed: society has become far more dependent on computing which has evolved to be more data centric and device driven; governments continue to roll out measures to safeguard personal data and critical infrastructures; and the technology industry faces new concerns about supply chain trust and competitive challenges.
We’ve been a strong proponent of industry efforts to improve security and privacy through secure software development processes across the IT ecosystem. Over the next decade, cloud computing and our connected society will create vast amounts of data, which creates new challenges.
TwC Next is an ongoing, live discussion. As I talk with companies, they affirm that the cloud, mobile, social, and big data are all impacting their business. Most recently, our team continued the TwC Next discussion at RSA China with my colleague Jing De Jong-Chen’s keynote that discussed factors impacting trust in computing. Here are a few key trends on security, privacy and reliability that Scott Charney covered in his paper previously and Jing shared recently in her keynote. .
The Cloud and Big Data
The proliferation of devices and cloud services has resulted in a massive aggregation of global data, also known as big data. While offering many potential societal benefits, this collection of data poses unique challenges. From a security perspective, big data represents a valuable target for attackers. As the cloud and devices become more integrated with society, organizations also become increasingly dependent on the reliability and availability of data and services to function.
The Role of Government
The advent of big data has also been challenging for governments. Any transformative technological change that recasts the way people live will engender deeper government engagement. Plus the government’s relationship with the Internet is a complex one as they are simultaneously users of the Internet and protectors of individual users as well as the Internet itself. Governments may play an increasingly active role in many aspects of the Internet. Some nations are looking at legislatively mandating the adoption of information risk-management plans for those managing information and computing systems.
Evolving Threat Landscape
While the quality of code has improved and infection rates have declined for products developed under Microsoft’s Security Development Lifecycle, the threat landscape continues to evolve. Opportunistic threats have been supplemented by attacks that are more persistent and, in many cases, far more worrisome. This means that we need to start designing systems not just to
prevent attacks and recover from them, but also to detect successful attackers quickly and contain them so that any unauthorized access to data or disruption of services is limited.
We believe a new paradigm of protect, detect, contain and recover can serve as a practical foundation for managing risk in the age of globally integrated, device driven and data centric
computing. I welcome your thoughts about security trends and issues. For your reference, the TwC Next paper is available in several languages: