The keynote talk from George Stathakopoulos and the white paper on End to End Trust were excellent. The E2E paper is filled with interesting facts and is based on many people’s input; its summary states that End to End Trust is a goal rather than a strategy in itself.
My belief is that we cannot, as a society, ever truly have end to end trust until we reach an enlightened age, but then if we did reach that age there would be no need for security and many of us would be in different employment.
Until then, it appears that the two largest threats to achieving end to end trust lie in the areas of trust in applications and trust in people. The others can be solved, but as users we need to understand that we may have to pay a further price in terms of functionality and flexibility.
But let’s look at our global security model slightly differently, and I am typing nothing new here.
- What if, instead of glorifying the attacker and the attacks, we decided to:
  - Boycott conferences where people show off what they can do
  - Not give highly paid jobs to people who have compromised other people’s systems
- What if the punishment for cyber crime was so severe that this would act as a deterrent to people who would get involved?
- What if the governments of the world got together to ensure that cyber criminals could not go from State to State or other countries to escape the punitive laws of a government?
If, as a world economy, we did all this, we could radically change our entire security posture from one of defence to one of offence. Until we do radically change our infrastructures, security will be primarily a defensive option, one that we will constantly have to evolve towards architectures such as the Microsoft End to End Trust framework.