RSA 2014: 10 Takeaways From a Show Overshadowed by Fractured Trust
NEWS ANALYSIS: RSA Conference 2014 provided plenty of food for thought after a year of enormous security breaches and revelations about government surveillance.The annual RSA Security Conference is an opportunity to take the pulse of the enterprise security business. While other technologies wax and wane with consumer popularity, corporate security is one of those must-haves where last year's impregnably secure business looks like this year's Swiss cheese. After attending keynotes, briefings and walking the exhibition floor, here is my list of the top 10 trends that emerged from 2014 RSA Conference. 1. Ghosts in the Moscone Convention Center: The biggest drivers for this year's event took place outside the confines of the Moscone Center. Edward Snowden is ensconced in Russia, but his trove of National Security Agency documents and the accompanying revelations have had an influence far beyond anything taking place on the keynote stage. The security vendors, academics, standards committees and government security agencies have long had intertwined relationships. Those relationships were built on trust, or at least on an implicit understanding, that the rules of the road meant setting boundaries on protecting national interests and protecting individual privacy. The Snowden debacle created a lot of rifts within the industry and between the industry and public, which requires the rebuilding of a lot of fractured trusts. This year, the RSA conference and company are in recovery mode following speaker walkouts and alternative conferences taking place only a few blocks away. 2. This year's security box score: One of the ongoing topics at the RSA Conference is trying to guess if the good guys or the bad guys are winning the security battle. The past year has not been a stellar year for corporate security and was topped off with the Target (a prescient corporate name if there ever was one) data breach that exposed credit data of an estimated 110 million people. Despite the many billions spent on security, tales of digital break-ins, identity theft and corporate digital espionage provide a daily reminder of the leaky ship that is today's corporate technology infrastructure. The bad guys tend to be the fastest innovators.
3. Stop selling more boxes to solve every security problem: From the early days of corporate firewalls through authentication services, the tendency in the security business has been to cook up a new box to solve every new problem. This made some sense when digital security was mostly about building a moat around corporate offices and directing people and resources to deepen and widen the moat. That corporate fortress model has withered as mobile devices, mobile workforces and employees anxious to use the latest cloud-based service have become the norm. While there were still a lot of new boxes on display on the show floor, the days of CIOs and chief information security officers (CISOs) willing to manage many multiple security vendors and systems are clearly ending