Wednesday, 30 October 2013

PRISM spy fears must not send firms back to old security models

privacy-image-sew
AMSTERDAM: Businesses' reversion to perimeter-based, privacy-focused security models in the wake of the PRISM revelations is only going to benefit hackers, according to RSA executive chairman Art Coviello.
Coviello said concerns about privacy following the PRISM scandal is hindering firms' ability to deal with next-generation cyber threats, during a keynote at the RSA conference in Amsterdam, attended by V3.
"I want to address a serious complication in our ability to make progress - privacy. Last year I pointed out the danger of an imbalance between privacy and security. There are absolutely legitimate concerns about monitoring networks but this isn't just an academic debate," he said.
"Some of our customers are caught in a catch 22. They are scared to deploy legitimate security to protect their customers' privacy, out of fear they'll break legislation designed to protect their workers' privacy."
The PRISM scandal broke earlier this year when ex-CIA analyst Edward Snowden leaked classified documents to the press proving the National Security Agency (NSA) was collecting vast amounts of web user data from companies like Google, Microsoft, Yahoo and Facebook.
RSA 2013 opening keynote
The scandal led to widespread calls for new, more robust privacy laws. Earlier in October the UK government decided to start accepting public feedback about what legislative changes are needed. Coviello said the trend is troubling as it is leading businesses to revert back to older, ineffective security models.
"Just seven years from the invention of the iPhone we have full mobility and soon with the use of IPv6 we'll have as many as 200 billion devices connected to the internet, many of which will be involved in critical infrastructure," he said.
"These will give our adversaries new avenues of attacks that we ourselves paved. The perimeter model no longer works, traditional security protocols are becoming obsolete."
Coviello said the systems only benefit hackers and will cause untold harm to the world economy if left unchecked.
"Full anonymity is the enemy of privacy. It gives our enemies an anonymous way to misuse our private data with no risk of discovery of prosecution," he said. "Today we live in an era of the global sharing of information and economy is reliant on this sharing of information."
The RSA chief said businesses will need to adopt intelligence-based, holistic security systems to deal with the threats.
"Existing controls are silo based, they can't see outside. Today's controls are like a blind man trying to describe an attack to a security centre. By enabling security controls to let them interact with each other, we're providing them context," he said.
"When we comprehensively understand the normal flow of data across the network we're better equipped to spot even the faintest sign of an attack in an increasingly noisy environment."
Coviello said the systems will also help future-proof businesses against next-generation threats.
"Context is what makes intelligence-based security future proof. These attackers at some point will have to do something noisy, something out of the normal. That's when we spot them and when we stop them," he said.
Coviello said while such systems could be theoretically misused by businesses, the issues can be solved with new information governance laws. "When systems like the ones I've described are applied sensibly and with governance, privacy and security working together, it's the only way privacy can work today given the nature of our interconnected world," he said.
"Where attackers are tearing through our existing security, we need this level of insight. It does have the potential to be misused and we don't want to create big brother, we have to strike a balance [...] It's up to us to ensure we have an informed and open discussion to create the new rules."

No comments:

Post a Comment