Modernizing Authentication — What It Takes to Transform Secure Access
SAN FRANCISCO The executive chairman of Verisign didn't exactly play up to the crowd of thousands of security professionals gathered here at the RSA conference to hear his keynote. "Consumers are overwhelmed and frustrated by all the security solutions out there," said Verisign's (NASDAQ: VRSN) Jim Bidzos, who organized the first RSA Conference in 1991. "In fact some of the security tools we offer are nearing the point of negative returns."
But that was just the warm-up.
"It's time we started thinking about security as only part of the solution and ask what users really need from us. Today users are faced with pop-ups and all sorts of security procedures designed to make them feel more secure, but may simply frustrate them and question whether the Internet is safe," he said.
In fact, Bidzos said the results from multiple surveys that asked consumers whether they thought the Internet is safe "indicates we're not quite there yet."
He asserted that part of the problem is that while security solutions reduce risk, there are so many pop-ups and procedures users have to go through to make them work that it reduces trust. He compared it to driving through a neighborhood with signs that say it's a high crime area. "You might see a lot of police cars, but you're still going to wonder if it's safe to drive through there," he said.
Bidzos said developers need to figure out a way to simplify security so it's more under the hood. "There's too much complexity out there and it introduces new risks. The more complex a system is, the more places exploits can be brought in," he said.
On the Internet side, Bidzos noted the introduction last month of the VeriSign Trust Seal. Participating Web sites will have their sites scanned on a daily basis by Verisign to make sure they are free of malware and the site will be able to display the Trust Seal meant to assure consumers the sites are safe to visit. Verisign has long had a separate Secured trust mark geared for e-commerce sites, which the Trust Seal is not.
Turning to the cloud for security?
Verisign's CTO Ken Silva later took the stage to talk about some of Verisign's security initiatives. He said the company had to rethink its approach to security in the wake of several denial of service (DNS) attacks several years ago that threatened the 17 datacenters it had at the time managing the Internet's DNS infrastructure, among other services. "Our servers are under constant attack," said Silva.
He said the price tag to protect against denial of service attacks and overprovision enough bandwidth was going to cost $30 million. But Verisign turned to the cloud instead.
"We essentially created a private cloud that allowed us to put the brute force solution in just a few datacenters and then divert those capabilities and scrub the data as needed in any denial of service attack. That saved us $30 million," he said.
"I would argue that for DoS, the cloud is the only way to go for mitigation. Now we're offering that as a service to our customers," said Silva.
But Silva was quick to add cloud computing in general has a ways to go before it gains broader acceptance.
"If it's so obvious, why isn't everyone doing it? It's pretty simple, they don't trust (cloud computing), they only trust themselves and they'll spend a lot more money on systems they operate and control themselves."