This was my first time at the RSA Conference, so hopefully that will give you some context to this post and some of the points I took away from this year’s event held in San Francisco between April 20th and 23rd at the Moscone Conference, where the world talks about security. And this year they talked in greater numbers than ever with record attendance: more than 700 speakers at more than 400 sessions, keynotes, peer-to-peer sessions, Learning Labs, track sessions, tutorials, forums, crowdsourced talks, and seminars.
This is war!
I definitely got the impression from the time I hit the trade floor on the south wall that this was a war field, not only due to the sheer volume of people and the hustle and bustle, but also due to the imagery and vocabulary being used. There were obviously some parallels due to the concepts of attack and protection, and being my first session, maybe I was just a little overwhelmed. But it seemed I wasn’t the only one that got that impression – other attendees that passed by our booth made similar comments. This wasn’t any old war either; this was a new war fought with new weaponry. A lot of the booths talked about the ‘next silver bullet in your arsenal’, why you needed it and why you needed it yesterday, at the very latest. I must admit I was blown away – excuse the pun – by some of the presentations and pitches, finely crafted and precisely executed to a backdrop of design and imaginary mastery. A feast for the senses (you could almost smell it, if it wasn’t for the free popcorn that was circulating and that charged the battlefield air!)
And we are losing...
Amit Yoran, the new President of RSA Security, began his opening keynote by mentioning that “2014 was yet another reminder that we’re losing the contest.” And then he added: “We can neither secure nor trust the pervasive complex, and worse, end-point participants in any large or distributed committing environment”. So what took place on the war field? What were the main battles that took place? What were the weapons, if any, used?
These are the top three topics I came across from engagements at our booth and at others, and also at the afterparties, which were another valuable source of information.
1. IoT, no longer a fad but still far from where it needs to be
I was really at a push to know which to put first – ‘Internet of Things (IoT)’ or ‘big data’. But I guess it was IoT, due to the directness of the piece. A great number of booths and speakers had dedicated time on the topic, whereas big data was more a means to an end rather than a topic in itself, and thus, it didn’t receive the first place.
IoT has matured quickly from a futuristic blip on the radar last year to a real and present issue this year. The implications and ramifications of an endless attack surface that can affect us at our place of business, our homes, on the go etc. have gotten people’s attention. This, in turn, has fueled and will continue to fuel conversation and debate on policy, risk, development and compliancy, to name but a few.
One quick conclusion can be drawn from IoT: it’s not going away. More parts of our lives are connected to the Internet and just an IP address away, making up a positive and negative world of endless possibilities. There is a feeling, unfortunately, within the security sector that until some serious breaches take place, this topic will not gain the type of mind space it truly deserves from businesses and the general public. So it will be interesting to see how IoT is addressed next year at RSA – will it be from a “We got that right” or “I told you so” standpoint? Time will tell.
2. Big Data gaining momentum
As Britta Glade from RSA Security mentioned in her summary of speaker submissions: “We seem to have reached a tipping point as we see big data talked about defensively and offensively, with many offering grounded metrics (there is that word again!) to support the claimed benefits. We saw proposals for big data-oriented submissions span our potential tracks, with some coming at it from a legal perspective, others concerned about policy implications, many pointing out privacy and security concerns, architects concerned about protecting it, and of course many utilizing it for business enablement purposes.” Following her lead, we also saw big data developing predictive indicators to combat cyber-attacks across the physical and virtual world. One point I found very interesting was that businesses from a broad range of industries are looking at gaining business value from this information.
3. PoS / ATM relatively simple vulnerabilities
This was a hot topic to say the least. It didn’t come up on the radar when the RSA folks revised the speakers’ submitted presentations, but it was very much out there – in some pitches and on people’s minds, as I noticed during the conversations I had over the three days.
Having said that, David Byrne, Senior Security Associate with Bishop Fox, addressed the issues directly and said during a session at RSA Conference that “remote administration is possibly the biggest source of compromise when it comes to point-of-sale (POS) breaches, and nearly every register has some type of remote administration service.”
If you didn’t make the show and are interested in some of the points I mentioned above, you can access all the presentations made at the RSA Conference 2015.
Finally, thanks to everyone that came along to our booth, 838 on the south wall, and to our partners who came along to our Partner event, which gave great insights to say the least. Truly awe-inspiring to be in a room with many great minds, providing insights into this industry.