RSA 2016 Recap - Dan Ritari Looks Back on a Decade of RSA
This year I once again travelled to San Francisco for the RSA Security conference. I've been to 8 of the last 9 RSA Conferences so I can provide my perspective of what's been on the mind of security professionals.
2008: Hot topic: PCI. Software trend: Data Classification
One of the main themes was PCI. Fraudsters were exploiting financial service channels. Data owners were being encouraged to classify data according to risk type and compliance categories. The Feds were calling on the private sector to do more to address privacy and security challenges on the internet and Microsoft chimed in with encouragement to work together to achieve improvements. Symantec CEO John Thompson urged attendees to become content-aware and design systems that have security management built in.
2009: Hot Topic: Insider Threats. Software Trend: Application Firewalls, Identity and Access Management
The main theme I saw was web application firewalls. It seemed Identity and Access Management was being pushed on every corner. There was plenty of discussion around insider threat, and ways to monitor and control administrator and DBA access to and possible misuse of sensitive data.
2010: Hot Topic: Economic Downturn. Software Trend: Security Platform Integration
The tough economic times gave a different feel to the conference. Many of the sessions were more marketing pitch for certain technologies than open sharing of knowledge. Symantec and MacAfee were both broadcasting better integration in their products. Palo Alto was talking about application firewalls to anyone who would listen. Identity and Access Management vendors seemingly occupied every second booth. This was the first time I heard a lot of chatter centered on the cloud as the next big wave of the future.
2011: Hot Topic: Privacy. Software Trend: Cloud
Privacy, privacy, privacy. The big questions were: how to protect privacy in the Cloud? How to manage security for mobile devices? What to do about cyber-attacks especially on confidential corporate data? Finally, I did see that social engineering also got some air time.
2012: Hot Topic: Cyber Espionage. Software Trend: BYOD Management
Somewhat of a rehash of the big issues of 2011 but with new emphasis on Bring Your Own Device (BYOD) and integration of secure coding into the development lifecycle, now called SDLC. Many people were talking about going on the offensive to shutdown hacking. Other issues addressed included mobile app security and the use of mobile devices at work. At this RSAC, FBI declares cybersecurity threats will surpass terrorism. Finally, I caught a lot of talks and conversations about the balancing act of time and money on one side, and risk management on the other.
2013: Hot Topic: Bid Data. Software Trends: Mobile Device Management
Big Data and security intelligence were hot topics in 2013, with talk about securing Big Data through a myriad of different products. Mobile device and mobile workforce management, were discussed, which is the logical extension of the previous few years mobile and BYOD topics. A lot of the influencers in the market were presenting success stories of how effective they were at managing threats. Interestingly, while some data breaches were discussed, the crowd seemed to treat them more like a shame list than a learning opportunity.
2014: I did not attend, but this was the year of a possible boycott of the conference after news leaked RSA took money from NSA to weaken their encryption.
2015: Hot Topic: Quick Fixes. Software Trend: Threat Intelligence Software
While the $10 million RSA previously accepted from the NSA was still a hot topic, the biggest new trends were threat intelligence and insider threat management. Cyber espionage, referenced a few years back, re-emerged in a significant number of sessions. The snake oil of the quick fix was still being promoted, so much so that one might think that soon all of our security problems will be solved and this show will become unnecessary! (Spoiler alert – they don’t work!)
2016: Hot Topic: Apple v. FBI. Software Trend: Cloud Access Security Brokers
Cloud Access Security Brokers (CASB) were the new prominent vendors at RSA this year along with the Internet of Things (IoT). The spotlight topic heard around the conference is the dilemma of Apple’s encryption and the FBI, which naturally leads to the broader topic of Big Brother wanting access to our data streams. Should there be backdoors into the technology stream and applications? There is certainly plenty of concern over misuse.
I hope you enjoyed my look back at the RSA conference through the years. It does seem that a lot of the issues that were present in 2008 are still present today. Maybe that's because the way technology is going, it may not be long before you will need to patch your toaster to keep it from burning your toast - or at least more points to secure! But as long as we have valuables to protect, there will be someone trying to steal them. The challenge is to stay at least one step ahead. You only need to be one step behind to lose everything valuable.