RSA Show Will Focus on Trust in an Industry Spooked by NSA Leaks

NEWS ANALYSIS: Building trust will be the major theme of this year's RSA Conference in the wake of allegations that the company was paid to compromise its own security technology.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Trust will be the big word at this year's upcoming RSA Conference Feb. 24-28 in San Francisco. While in the past, trust was translated into technical advances surrounding encryption, authentication and identity services, this year, trust means much more.

This year, the word trust refers to the companies you work with, the products those companies deliver and the government under which our society operates.

In advance of the RSA Conference, the organizers held their annual outlook seminar for security analysts. The purpose of the Web seminar was to highlight the upcoming sessions, focus on some of the important themes and provide an opportunity for analyst questions. Much to their credit, the panelists did not dance around or avoid the big topic hanging over this year's event.

But, first, here's a little background. The conference started in 1991 as a cryptography-heavy event and evolved into a bit of a hybrid curiosity in that the event is managed by RSA (now part of EMC) with a content program striving to be vendor-independent. The hybrid approach has worked in the past, and the conference is the place where enterprise-level security products and services from startups and even RSA competitors often see their first public appearance.

In security, trust is your brand. While trust may be the brand in other industries, as well, in security, you are betting your company's most valuable secrets on vendor promises. This has been a rocky year in the trust department following a continuing string of revelations from Edward Snowden, whose purloined National Security Agency documents revealed that the amount of government snooping was far more extensive than realized.

In particular, RSA (the company) has found itself enmeshed in the controversy, as the blog Security Current reported, "It began with a Reuters story from Joe Menn: "Exclusive: Secret contract tied NSA and security industry pioneer" in which it was disclosed that RSA, the crypto pioneer and security products vendor, had allegedly accepted a secret $10 million payment from the NSA in order to incorporate a backdoor in to their BSafe crypto suite."

RSA responded with a convoluted denial, which neither confirmed nor denied it took the $10 million and stated, in part: "RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

While $10 million is pocket change to RSA, the lack of a categorical denial (which could indeed be contractually prohibited) has led to speaker walkouts and a counter-conference, TrustyCon, which will be held Feb. 27 right up the street from the RSA event in San Francisco.

"It's a glaring issue," said Wendy Nather, the security research director for the 451 Group, said when she brought up the NSA and RSA controversy during the conference's outlook seminar. She noted that one panel will include Joseph Menn, the Reuters reporter who broke the RSA story. Unless RSA the company can find a way to go to full disclosure on the NSA relationship, the implications in the alleged RSA/NSA deal will continue to undermine both the company and the conference.

While the NSA imbroglio is the most visible example of trust as the central theme of digital security and the RSA conference, trust in a mobile, cloud and big data technology environment also permeates the other sessions, panels and product introductions expected at the RSA conference.

Where enterprise security once revolved around digging ever deeper digital moats around the enterprise, that concept is now impossible, as cloud computing becomes an accepted way of building corporate technology infrastructure and smartphones wield as much computing horsepower as most machines residing within a company's confines.

Whereas past RSA Conferences were often centered on deep dives into cryptography techniques, this conference will be focused on how customers and vendors can build a trust relationship capable of accommodating a new model of corporate computing.

Eric Lundquist is a technology analyst at Ziff Brothers Investments, a private investment firm. Lundquist, who was editor-in-chief at eWEEK (previously PC WEEK) from 1996-2008, authored this article for eWEEK to share his thoughts on technology, products and services. No investment advice is offered in this article. All duties are disclaimed. Lundquist works separately for a private investment firm, which may at any time invest in companies whose products are discussed in this article and no disclosure of securities transactions will be made.