[cryptography] Fwd: General Availability of StrongKey CryptoCabinet

Arshad Noor arshad.noor at strongauth.com
Mon Mar 19 21:14:30 EDT 2012


On 03/19/2012 05:22 PM, Marsh Ray wrote:
> On 03/19/2012 06:22 PM, Arshad Noor wrote:
>>
>> * IBM's developerWorks.com. http://ibm.co/rc3dw
>
> Regulatory compliant cloud computing security ... in a box!
> Brilliant!

	Our key-management comes in a box; the architecture does not.

> I'll just go out on a limb here and guess that the weak link in the
> system will be the Xray tech's Windows XP embedded IE6 web browser that
> she's using for work email (if not Facebook) and also for setting the
> cathode voltage and exposure time.
>
	Business people are in the business of taking risks. Tolerances
	vary, but that's why they get paid.  Security practitioners
	might like a perfect world; but the business person does not
	care - they're only willing to assume the risk they believe
	they can balance with their over-arching goal to make money.

	If the healthcare industry truly cared about people's privacy,
	they could have solved the problem a long time ago.  But the
	doctors in the industry have a trump card that slows adoption
	of more secure environments: protecting your life.

	It is my opinion that businesses will go to the Cloud - and damn
	the torpedoes.  (The drum-beats from AWS, Salesforce, etc. at
	the HIMSS 2012 conference were deafening).  The reasons for
	moving to the Cloud are compelling (starting with the business
	executives' bonus from the additional EPS when they get rid of
	the capital & operating expenses on in-house IT equipment and
	salaries).

	To the extent the architecture can help address some holes
	before the exodus to the Cloud begins, the RC3 architecture is
	out there for the taking/improvement - no royalties required.

Arshad Noor
StrongAuth, Inc.



More information about the cryptography mailing list