SAN FRANCISCO -- It's easy for security pros to feel overwhelmed by the constant chatter of advanced persistent threats and evolving attackers, especially at the RSA Conference. For those on the front lines of the cybersecurity battle, some days must feel like the equivalent of removing buckets of water from the Titanic.
During his Tuesday keynote, Scott Charney, corporate vice president of Trustworthy Computing at Microsoft, took time to look back at the accomplishments of those under-fire security pros and delivered a message not often heard at RSA: The future of information security looks good.
To show that his optimism is based on fact, Charney discussed some of the recent breakthroughs in the security industry, starting with the ability to root security into hardware. He pointed to Unified Extensible Firmware Interface (UEFI) as an example of the kind of development that has made it harder for attackers to install rootkits and other malware.
"We now have, in both the Windows world and the Linux world, the ability to do trusted boot and measured boot," Charney said. "Which means as a practical matter, we can build on this foundation and start thinking about the health of machines in a much more dramatic way."
The security development lifecycle (SDL) is another area where Charney feels the industry has made great strides. Companies such as EMC Corp., Cisco Systems Inc. and Adobe Systems Inc. have adopted SDL practices and have focused on incorporating SDL in their software. He also singled out Microsoft's ability to apply these concepts across a broad spectrum to its 36,000 engineers.
These efforts are being pushed by the marketplace, as more and more vendors and customers are including secure development in contracts.
"When you see markets starting to demand secure development, you've reached an inflection point and the future will look differently," Charney said.
Charney also discussed the challenges facing the industry, including those presented by cloud services and mobile devices. Even with the complex security issues posed by these technology areas, Charney focused on the potential security positives that can be delivered by them. For example, the application store model, often highlighted by Apple's "walled garden," offers the opportunity to implement security and solve the age-old problem of patching.
"We need users to be on the latest versions of products and keep them patched and updated," said Charney, "and in the cloud service model and in the application store model, it is so much easier to manage the updates and keep people current."
Also highlighted was the need for national and international efforts by governments to tackle some of the looming issues in cybersecurity, including cybercrime and cyberwarfare. President Obama's recent cybersecurity executive order and the EU cybersecurity directive served as positive developments in this arena, though countries still need to establish more normative processes to tackle these problems going forward.
Charney finished by delivering a vote of confidence that, much like the challenges he discussed at the opening of the keynote, the problems on the horizon can be overcome.
"I am not delusional about this. It's not that I am claiming the world is safe. Optimism is about a future state," he said. "I am optimistic that, with the people in this room … we can fundamentally move into a more secure world."
View all of our RSA 2013 Conference coverage.