Talks: 2009 Archives
At Information Security Decisions 2009, Bruce Schneier and Marcus Ranum took to the stage to discuss some of the most contested issues in information security.
More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials.
Recent attacks on the power grid, stolen fighter jet plans, and SCADA system security woes have thrust national cybersecurity into the limelight. The reaction has been as expected: Congress is asking tough questions, and the White House has reviewed federal networks and security processes. One key question remains unanswered: Which government agency should be running the show? Many have called for a newly created White House position to oversee cybersecurity and report directly to the president, while others wonder what role intelligence agencies such as the National Security Agency (NSA) will play in leading the country's cybersecurity efforts.
Cloud computing offers enterprises many enticing capabilities that could save companies significant hardware and computing costs. But as with any offloading of services, there is a risk that must be considered and absorbed as well. Companies choosing to buy processing power, services or store data in the cloud must vet their providers well and ultimately trust that their security processes meet your needs. Security experts Bruce Schneier, CTO of BT Global Services, and Marcus Ranum, CTO at Tenable Network Security, debate all sides of the issue in this Face-Off. Schneier and Ranum are at odds over whether there are really any new risks associated with cloud computing, how much trust organizations should have in a provider and what questions you need to ask.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.