This year’s RSA Conference 2014 was filled with energy and great insights as well as controversy. Here are a few of the trends and topics that I saw at this year’s show.
Energy: Encryption and access controls are up there at the top of the list
There was a huge uptick in the overall energy at the show. Our booth was inundated with people asking questions and wanting to learn more about our encryption, access control and privileged identity management solutions. Why is there so much interest this year in Secure Shell and encryption in general – after all, wasn’t that invented in the mid-90s or before? Isn’t this already widely deployed? Simple. The threat landscape is more complex than ever. Most experts agree you’ve got to encrypt everything. But in order to make that encryption really work you have to be able to control who has access to what in your environment – or it can be used against you. In addition, as we have learned from the Snowden case, most organizations, including arguably the most advanced technology organization in the world – the NSA, don’t monitor their encrypted networks. The combination of poor access controls and a lack of monitoring of encrypted networks is creating a huge security hole that nation-state actors and criminal organizations can exploit.
Great Insight: Cloud and Internet of Things dominate the conversation
The benefits of operating in the cloud are vast, and so are the risks. From a scalability and economic perspective, moving to the cloud makes a lot of sense. In addition, you get to pool resources (like security know-how) and automatically get the benefit of best practices implemented by your cloud provider. At the same time as cloud adoption is growing, a proper cloud security framework is not yet in place and this is creating some concerns about data security. Some of the items that consistently came up were the lack of forensics capabilities in cloud environments, the lack of control over administrators who can access your data and, of course, concern about where the cloud is “located” for purposes of the government being able to access company data (ie via the Patriot Act, FISA warrants). A lot of good conversations about this but not a lot of clear answers just yet. The Internet of Things will create a lot of conveniences and market opportunities, but there will be challenges as more consumers – the vast majority of whom have limited security knowledge and capabilities – will be passing all kinds of information across the Internet and through data centers.
Controversy: Trust is fractured
We heard about some notable participants declining to speak at the conference because of some revelations about RSA providing back doors to the NSA. This all, of course, was revealed as part of Edward Snowden’s efforts to expose US government surveillance programs. Once trust is fractured it is hard to restore and this has long-term consequences for the company that caused the situation, as well as the country or government that facilitated the action. This seems to be having a big impact in the European markets and it will be interesting to see how all of this gets sorted out. I wrote a previous article on possible outcomes that you can read here.
Right now the IT security market is over $67.2 billion annually and growing at a 9% clip. As a fun fact for the day, and to put everything in perspective, based on Forbes latest ranking of billionaires, Bill Gates is worth more than the entire IT security market. Global defense spending is about $1.5 trillion. With the rise in cyber-warfare, the size of the pie for IT security is bound to continue to increase for quite some time.
Now for a video on the topic brought to you by Huffington Post and yours truly.