In the world of cybersecurity, the news is usually bad: companies getting hacked, confidential data exposed and increasingly stealthy malware. But there are reasons for optimism, said Scott Charney, corporate vice president of Trustworthy Computing at Microsoft.
In a keynote Tuesday at the RSA Conference 2013 in San Francisco, Charney said the security industry faces a lot of challenges with the rise of new computing models and regulatory requirements. However, recent industry and government advances are not only increasing security today "but also creating the foundation for a more secure tomorrow," he said.
First off, the industry has long talked about the need for rooting security in hardware, Charney said. There has been considerable progress on this front, with trusted boot now possible in both Windows and Linux, he said. Such advancements help protect systems against rootkits and other malware.
On the software front, a growing number of organizations are adopting Security Development Lifecycle (SDL) practices to develop more secure applications, Charney said. "The real accomplishment in SDL is we [Microsoft] proved we could scale it across 36,000 engineers."
Vendors and organizations alike are demanding secure development language in contracts, Charney said. "It's market forces at work."
In addition, the growing use of app stores and cloud services presents an opportunity for increased security, he said. App stores "give those who provide security additional checkpoints," he said. Companies can conduct application reviews and also kill apps if they turn out to be malicious.
Users need to be on the latest versions of products to ensure security. "With the cloud model, it's so much easier to keep people updated," Charney said.
In the face of increasingly sophisticated attacks and threats, national and international efforts are needed to "cut these things off at the source," he said. Along with President Obama’s cybersecurity executive order, many countries are building strategies to tackle cybersecurity issues, he said.
Some countries have philosophical differences about what constitutes cybercrime and cyberwarfare, Charney noted. However, countries are talking seriously about these issues; it's a long but necessary process to overcome the differences, he said.
"There's a lot of serious stuff happening on the Internet. I'm not delusional," he said. But with the progress made by both industry and governments, "we can fundamentally move into a more secure world," Charney said.
PUBLISHED FEB. 26, 2013