I attended, from about 12 till 1, catching the end of one panel and most of the rest. The first, entitled “managing cloud risks and trusting the cloud continuously” struggled to find a real theme. Folks tended to blabber; feeling like the privilege to speak on the panel– was was simply because one is a sponsor. Can I really claim a ISC2 CPE for listening to this (Since Ive learned absolutely nothing, except to avoid this kind of thing)? Is this the kind of “professional discourse” that ISC2 wants one to participate in? This is worse than the talking heads on network news.
The second thing we listened to was the “closing keynote : Software defined Perimeter: building secure global networks in the age of technology consumerization”. This turns out to be a couple of SSL tunnels, with mutual auth; all of which sounds a little bit like the old orange/redbook distributed-TCP concept. In essence, folks want to create a trusted channel to the device’s proxy, that does the user challenge. This makes some sense if the device, in a restricted desktop, has a trusted behavior that limits access only to the remove service process. We have already seen some of this deployed, in microsoft windows (as the windows 8 desktop talks to microsoft account logon).
One of the (annoying) speaker keeps name dropping, with hints about at “Classified’ uses. Makes various claims about the property of ephemeral DH ciphersuite for SSL Makes various pseudo racist statements about China attacking active directory hashes (failing to note how the US does the same, having perfected the process for spying on others).
So, it was interesting, being technical; and will be interesting so see how the cloud “revolves” around becoming a hub for consumer authentication, using trusted channels between cloud fabric and trusted desktops on the PC/device/.