The World Wide World: IT Ain't Just the Web ... - Cdn.oreilly.com

More documents

Recommendations

Info

ties, and good people can go bad. And the moment you start keeping people’s identities on file, you create the risk of releasing confidential information; just ask ChoicePoint! Yet that doesn’t mean we should all give up. All parties – vendors, access/service providers, consumers, educators, governments – have a responsibility and a role to play. Yes, we’re talking to you! If the private sector doesn’t take the initiative, government will. But as we argued in the November 2004 issue of Release 1.0 on the accountable Net, the Net’s tools themselves give individuals the means to protect themselves, while a variety of services will let them outsource tasks such as filtering spam or managing firewalls with as much personalization or specificity as they care to pay for. Of course, it’s not easy, but the very visibility of the Net’s security problems are leading the way to a solution since they make people aware of the problem and more conscious of the need to protect themselves. The question of responsibility for security isn’t just government vs. private sector; it’s also “which vendor?” Microsoft’s Scott Charney represents perhaps the leading vendor in terms of basic infrastructure; he also has experience as a government law-enforcer. Symantec’s John Thompson represents the leading formerly pure-play IT security vendor – unless you redefine security more broadly, which is the point. Cisco’s Jayshree Ullal serves the part of the market that links everyone, secure or not; she sees security happening in layers, from the depths of the network infrastructure to the top of the stack. May they all compete vigorously to ensure our safety! Scott Charney, Microsoft: Security from the source “I was hired as chief security strategist originally,” says Scott Charney, now VP of trustworthy computing for Microsoft. “Microsoft ascribes to the philosophy of, ‘Get the right people on the bus without telling them where to steer’.” Over time, he figured out his mission, which was not so much a corporate function, though he still has that role, but rather “to change the very rhythm of the business – how products get designed and tested, and how they get sold and installed.” Charney got his training in security offline, as an English and History major with a law degree working as a prosecutor in Bronx County. In 1991, as one of the only guys around who knew how to program a computer, he was charged with taking on online investigations. Within seven months he became chief of the newly created Computer Crime Unit in the US Department of Justice (DoJ). As the leading federal prosecutor for computer crimes, he helped prosecute nearly every major cybercrime case in the US from 1991 to 1999. He co-authored the original Federal Guidelines 14 RELEASE 1.0 WWW.RELEASE1-0.COM
for Searching and Seizing Computers, the Federal Computer Fraud and Abuse Act, federal computer crime sentencing guidelines, and the DoJ Criminal Division’s policy on appropriate computer use and workplace monitoring. Ultimately, his role at Microsoft could be equally influential, especially if you believe that vendors can play a major role in security and that forestalling crimes is even better than prosecuting them. “If you ask who’s responsible for security, it’s everyone, but not everyone equally,” says Charney. “The bulk of the burden is on vendors and access providers to make more secure products and deliver more secure services. Consumers don’t want to be educated on security. My mom is 75; I can’t tell her to read about firewalls. She is not ever going to write code and she doesn’t want error messages about general protection faults. But we do have to educate consumers to behave responsibly – for example, not to send out their social security number in response to unsolicited e-mail.” He’s optimistic that vendors can rise to the task. “First of all,” he points out, “there’s now synergy between market forces and safety, which makes it much easier to do certain things as a vendor than before 9/11.” Microsoft, for example, now defaults more of its products to “safe” rather than “convenient” modes. . .and it is getting into security in a big way with a variety of new products that will compete with Symantec among other vendors. But vendors cannot do everything, Charney says: “Government should work with industry to figure out how much security the markets will deliver. If it’s not enough, they need to identify the gaps and help close them. The fix could be the dreaded ‘R’ word [regulation], but it could be purchasing power or the adoption of sound government policies. For example, two-factor authentication clearly makes sense, yet few are using it. It’s moving in the right direction, but it needs a catalyst. Right now, there’s no agreement on a standard, and there’s no real consumer demand; no bank is going to go first. But government could spur this in novel and interesting ways. The government could make it a requirement for electronic tax filing, and could use the post office to do in-person proofing to ensure that the person receiving a token or digital certificate is well authenticated.” Of course, someone may say this is not a good idea. . .so let them come up with something better! MARCH 2005 RELEASE 1.0 15
Page 1 and 2: ESTHER DYSON’S MONTHLY REPORT Rel
Page 3 and 4: SUNDAY, MARCH 20 PRESENTATIONS - Th
Page 5 and 6: in business-model terms, he realize
Page 7 and 8: Meanwhile, with his title of Chief
Page 9 and 10: CEO-designate of Lenovo, faces the
Page 11 and 12: ventures, marketing, software devel
Page 13: division that will be mostly the fo
Page 17 and 18: But that’s within Symantec. On a
Page 19 and 20: a rectangle to a parallelogram or a
Page 21 and 22: None of the players here provide a
Page 23 and 24: You’re in this position where the
Page 25 and 26: unit is now called Healthcare and L
Page 27 and 28: Practice Sites designation administ
Page 29 and 30: these arenas satisfied her. It wasn
Page 31 and 32: ing now - outsourcing and offshorin
Page 33 and 34: your message. (This month, both Mic
Page 35 and 36: equest, he or she can use all the r
Page 37 and 38: Schwartz says the idea started from
Page 39 and 40: INTERVIEW - Ann Livermore, Hewlett-
Page 41 and 42: she’s in charge of managing not s
Page 43 and 44: Polese knows whereof she speaks. As
Page 45 and 46: to those needs with something relev
Page 47 and 48: users’ clickstreams. “People do
Page 49 and 50: did her two new bosses. “Larry an
Page 51 and 52: The whole thing requires substantia
Page 53 and 54: ly involved in those two spin-offs.
Page 55 and 56: AFTERNOON SESSIONS THE GALLERY BY C
Page 57 and 58: Persuadio: Finding plankton in an o
Page 59 and 60: Company Presenters BY CHRISTINA KOU
Page 61 and 62: computers and other devices,” and
Page 63 and 64: “Traditionally event organizers p
Page 65 and 66:
Zinfandel and all the countries exc
Page 67 and 68:
Fiedotin and Tangney tested it with
Page 69 and 70:
In its most basic form, Grouper is
Page 71 and 72:
Impinj’s technology, called self-
Page 73 and 74:
Instead of throwing away Excel mini
Page 75 and 76:
turning on his phone. “The openin
Page 77 and 78:
Rearden is betting that using open
Page 79 and 80:
Adding the hierarchical information
Page 81 and 82:
Roundtable Discussion: Metadata is
Page 83 and 84:
Resources & Contact Information Udi
Page 85 and 86:
Calendar of High-Tech Events APRIL
Page 87 and 88:
Calendar of High-Tech Events E JULY
show all

The World Wide World: IT Ain't Just the Web ... - Cdn.oreilly.com

Create successful ePaper yourself

Delete template?

Save as template?