RSA Changing Internally Along With Rest of Security World

NEWS ANALYSIS: Here are some of the key points eWEEK noted following RSA Security 2015, the largest security conference in the world.

SAN FRANCISCO -- Like any other professional conference, what attendees took away from last week’s RSA Security 2015 at Moscone Center depends upon how well they paid attention.

There were so many aspects to the conference that it is patently impossible for any one person to have soaked up everything he or she might have wanted. But when you come to a show like this one, you plan a meeting and seminar strategy, try to stick to it as best you can, and still leave time windows for fun and networking.

When you get home, you look at your notes and clean out your backpack to see how much information you were able to bring back. Here are some of the key points eWEEK found lodged in its own backpack:

--The tipping point from the armored-car, defensive approach to enterprise security has been made to more proactive, preemptive-types of security software and hardware. Big data analytics -- mostly for improving risk assessment -- are a key component in the proactive mode, although both types of systems are needed to do the job.

--The White House and key agencies within the federal government (Homeland Security was a highly visible one) are reaching out to Silicon Valley companies and entrepreneurs, asking for cooperation among themselves, the military and the government to set guidelines for building a united front against rogue nation-states and other organized crime coalitions.

--White House Cyber-Security Policy Coordinator Michael Daniel, who delivered a keynote presentation and was a key guest at a CyberTech Networks/CyberHive panel discussion, said that he is trying to set starting principles for a broad public discussion on national cybertech policy, which has been a major source of tension with technology companies and other experts. After the White House sets principles, factoring in national and economic security, and privacy, Daniel said he wants to engage with technology companies, heavy encryption users in the financial sector, other industries and other countries.

--Too many old-school security habits are holding back progress in many enterprises. HP Security Chief Art Gilliland emphasized that while there is a lot of talk about advanced threats, when security experts look at the actual data, most breaches are the result of older vulnerabilities that have not been patched by organizations. While older vulnerabilities continue to be a risk, Gilliland said there is also a lot of infrastructure now delivered as cloud services that require new-generation security approaches.

--C-level executives must become more knowledgeable about security because it is vital to the continuation of the entire business. "The use of the Internet is an essential part of doing business on a daily basis," said Harri Koponen, CEO of the Finnish security development and products provider SSH. "We can't continue to do business without thinking: Is this secure? Is everything OK, because your customer records are online? If you're not thinking about this part of the business, eventually you will destroy your business."

--RSA is remaking itself with a new president and product strategy. "The security market is fundamentally broken," new RSA President Amit Yoran said at a press conference. "The approach that our industry has taken is irreparably flawed, and we have to change." Yoran said his company is going through a massive transformation. From a product perspective, one of the bold changes is the new Via platform, which Yoran called a "reinvention" of RSA's authentication and identity management capabilities.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...