The annual RSA Conference is perhaps the biggest gathering of information security professionals from around the world. The topics discussed this year ranged from cloud security and mobile security to behavior-based solutions.
With 22,000 participants, this year's conference had a huge turnout. RSA 2013 was the perfect venue to pick up the latest information about varied security topics, gather thought-provoking insights, and network with other experts and colleagues.
During the conference, I attended several interesting talks, which I will discuss in detail in my next blog post. For now, I will share with you my high-level takeaways from these discussions:
- There is increased involvement and interest from the government, which was evident from the buzz generated by the recent White House executive order on cybersecurity. Both the government and the security industry expressed a desire to tighten cybercrime laws. The government encouraged the private sector to participate more and to work with it as one. The Department of Homeland Security (DHS) also announced its initiative to share real-time classified threat information with security vendors.
- Cloud Security was well discussed and generated a lot of interest from users. A good part of the first day was dedicated to the Cloud Security Alliance Summit. There were some interesting keynotes from Mark Weatherford of DHS, former American Express CEO Jim Robinson, and Trend Micro Vice President of Cloud Security Dave Asprey. Some of the key issues of cloud security were highlighted and best practices were discussed.
- Big data offers many opportunities, but also carries with it its own security risks. Many companies are not able to handle or secure it properly yet.
- Several industry leaders agreed that there's a shortage of information security specialists. From the government to the information security vendors, all agreed that the skills shortage is denting some of the work and its quality.
- The problem of Advanced Persistent Threats (APTs) is still a hot topic in the industry, and was discussed at RSA. Today, however, people are more focused on solutions and spend less time explaining or understanding what APTs are. More and more people have realized that traditional solutions are not enough to counter these targeted threats. There is a need to process big data and correlate a lot of information. Behavior-based solutions, application control, NAC, more awareness, and more collaboration within the industry and with government were all part of the buzz surrounding APT solutions.
- Many people were talking about the growing Bring Your Own Device (BYOD) trend. There was even a panel discussion on the future of endpoint security. Some innovative solutions were also presented at RSA to deal with this trend; in fact, the winner of the Innovation Sandbox is a company called Remotium, which is trying to solve this very problem.
- With the diminishing boundaries of today's enterprise networks, Software Defined Security (SDS) was seen as an interesting topic. We can expect more traction on it in the coming years. SDNs (Software Defined Networks) are not that new, and security has to keep up with SDS.
- Behavior-based solutions were once again in focus because of targeted attacks.
- Whitelisting technologies (e.g. application control) were also talked about, mainly because of their ability to solve problems related to targeted attacks and to block certain unknown threats.
As mentioned, I will discuss in detail some of the interesting talks that I attended, which include a discussion by former US Secretary of State Dr. Condoleezza Rice.