Now more than a decade old, the RSA Conference in San Francisco this week remained predominantly focused on traditional security practices rather than hot new inventions for protection. The event was highlighted by keynotes from Internet co-inventor Vint Cerf, Wikipedia founder Jimmy Wales, and even former Secretary of State Condoleezza Rice.
SafeNet, for example, was on hand to talk about data protection through encryption. While one of the themes of this year’s conference was “Big Data Revolutionizes Security,” much of the discussion around Big Data was simply focused on encrypting it and locking it away with proper access controls.
Dave Hansen, president and CEO of SafeNet, said that there is a tremendous need for encryption in cloud-based data-driven applications. Unfortunately, he also said many companies only decide to encrypt their cloud data after a breach has occurred.
But Hansen also said that the focus of security products, like those SafeNet sells, has changed as time has gone on. While DRM and anti-piracy measures were popular in the past, license management is more popular today. To that end, SafeNet created Sentinel Cloud Services to allow developers to authenticate and license software remotely through an API and authentication service. Sentinel Cloud Services allows developers to add functionality similar to that used in Microsoft Windows Genuine Advantage, where software authenticates with a remote licensing server over the Internet to validate its license.
Elsewhere at RSA, Alan Karp and Marc Stiegler, both of HP Labs, discussed the principle of least authority, or POLA. POLA is a guiding principle for developing secure software by isolating objects.
Karp said that isolating objects prevents the abuse of object access privileges. “Some you will find already are using some of these standards,” he said. “Many places already say you’re not allowed to have global static mutables. This is just a continuation of things you’re already doing.”
Stiegler compared POLA to object-oriented programming, but said that POLA takes object orientation to its logical extremes.
“This is like object-oriented modularization put on steroids, or taken all the way,” he said. “It’s the real thing. Once we do that, we find we get security properties almost for free.”