I read a very interesting article about CloudFlare’s new Keyless SSL security system, and this caught my eye.
Arstechnica.com: In-depth: How CloudFlare promises SSL security—without the key
The development of Keyless SSL began about two years ago, on the heels of a series of massive denial of service attacks against major financial institutions alleged to have been launched from Iran. “We got a series of fairly frantic calls from those banks saying they needed help with this problem,” Prince said. “We met with JP Morgan Chase, Goldman Sachs… pretty much everyone in that community. They described to us a challenge that put them between a rock and a hard place. They had spent billions on hardware in data center to control access to their network. But it didn’t matter—no matter how intelligent the boxes they bought were, they were falling over because the attacks were so large. There was no way spending more money on premium equipment could solve it.”
At the same time, the banks weren’t able to use existing content delivery networks and other cloud technology to protect themselves either because of the regulatory environment. “They said, ‘We can’t trust our SSL keys with a third party, because if they lose one of those keys, it’s an event we have to report to the Federal Reserve,’” Prince said. “Somebody has to explain to (JP Morgan Chase CEO) Jamie Dimon what an SSL key is, and then he has to call the Fed. It’s a [chief information security officer]’s worst nightmare.”
Organizations like banks depend so heavily on technology. How long will it be before the average CEO at the average company starts to have an in-depth knowledge of how common technologies like SSL work? I imagine we eventually will see a trend in non-technology firms where the path to becoming a CEO travels not just through CFO and COO, but through CIO and CTO as well.