RSA 2010: identity management key to cloud security, says Microsoft’s Scott Charney

Identity is important on the internet, but this is amplified in the cloud, says Scott Charney, corporate vice-president of Microsoft's Trustworthy Computing Group.

Identity is important on the internet, but this is amplified in the cloud, says Scott Charney, corporate vice-president of Microsoft's Trustworthy Computing Group.

"Identity and privacy will be key to cloud computing," he told the RSA Conference 2010 in San Francisco.

It is critical to produce technologies that better allow organisations to manage identity, he said, to provide more secure and private access to both onsite and cloud applications.

As part of efforts to enable a more trusted internet, Charney announced Microsoft's release of a preview of Microsoft's U-Prove technology.

U-Prove is designed to enable online providers to better protect privacy and enhance security through the minimal disclosure of information in online transactions.

"To encourage broad community evaluation and input, Microsoft is providing core portions of the U-Prove intellectual property under the Open Specification Promise," said Charney.

Announcing that Microsoft has made available open source software development kits in C# and Java, he challenged developers to create software to help protect individual privacy.

Charney said Microsoft is working with the Fraunhofer Institute to integrate U-Prove and other Microsoft technologies with the German Government's planned electronic identity cards.

According to Charney, the project envisages enabling citizens to use their electronic identity cards as the basis for accessing online services with minimal disclosure of information.

This is the kind of innovation that is needed to back up disruptive actions such as the recent Microsoft-led initiative to shut down the Waledac botnet, he said.

"Focusing on security and privacy fundamentals and threat mitigation remains necessary, but the industry needs to be more aggressive in blunting the impact of cybercriminals," he said.

The operation to shut down Waledac is an example of how the private sector can get more creative in its collective approach to fighting criminals online, said Charney.

"We are committed to collaborating with industry and governments worldwide to realise a safer, more trusted internet through the creative disruption and prevention of cybercrime," Charney said.

The next step is for U-Prove to move through the technology standards bodies that will establish things such as agreed ways of exchanging information to enable multi-vendor implementations, said Steve Lipner, senior director of security engineering strategy at Microsoft.

"If there is enough enthusiasm for the technology from government, privacy and other organisations, this will help accelerate the process," he told Computer Weekly.

The project in Germany is the first around the practical use of this technology, he said, but that is not surprising given Europe's relatively strong emphasis on privacy.

"The assurances U-Prove can provide are nicely tailored to European privacy concerns, which may add momentum towards wider adoption," said Lipner.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.