RSA at 20

Mobile device security is top of mind at RSA.

The 20th annual RSA Conference is lumbering into San Francisco next week. It's huge, face-to-face, dominated by educational tracks, led by old guys, and run under the auspices of a vendor. How did the RSA Conference get to be 20 in such good shape?

The RSA Conference is in some ways the opposite of trendy. It's not hosted in the cloud but is run in-person. The conference is loaded with graduate-level educational tracks that leave non-mathematicians such as myself impressed but slightly stunned. Contrary to the hottest properties in our industry, the conference is not run by a bunch of guys in their 20s and 30s but rather by guys who've been around 20 or 30 years.

I can't help but contrast the RSA Conference with an old favorite of mine, N+I. In its heyday, Networld + Interop's big reason for being was to serve as a convergence to see if networked computers could actually interact with each other. Security tools as we know them today were barely a gleam in anyone's eye. Just getting the equipment to communicate was a victory. The idea of securing these systems was usually solved by running them on private networks.

The Internet and public networking changed all that. What would become the RSA Conference started with a tiny gathering in San Jose, Calif., in 1991. As the public Internet grew and business moved online, it became quite clear early on that security tools needed to be developed, and quickly. The marketing battles and practical questions about how best to secure computing resources ranged from defining the new network perimeter to the best location for intrusion detection, to performance questions about antivirus and anti-spam products. N+I basically slipped beneath the waves as interoperability became the norm. The RSA Conference has grown because the success of that interoperability still poses difficult security questions.

I think the big driver in the overall security concern are transactions. Transactions ranging from e-mail to online banking to business-to-business interactions all require a fundamental level of trust to be successful. For the Internet and corporate networks to provide the fantastic increase in productivity that we have seen, the infrastructure must be basically trustworthy and reliable. With fits and starts, but always with a forward motion, security tools have succeeded in providing that trust.

At RSA 2011, I'll be looking to see how cloud infrastructure impacts the security landscape. The concept that employees can use any device to access the applications they need from any location is pushing the boundaries of what IT managers must consider when providing a sound security strategy. In many ways, the cloud removes a number of problematic security concerns by placing the hard work of securing a data center in the hands of the cloud provider. However, IT managers still have a lot to think about.

Just one of those thought-provoking topics concerns user device management. I'll be looking at mobile management tools, especially those aimed at phones and tablets, along with the more established laptop security products. I want to see how our industry is going to deal with the processor and memory constraints of these mobile platforms while ensuring that the right person is using the device to gain access to the right corporate assets.