Snowden. Target. Bot herders.
If youre in the business of protecting digital assets, these words no doubt send a chill up and down your spine. Make that you and everyone else in security.
Expect these and other topics to be foremost on the minds of thousands of professionals expected to converge on San Francisco on Feb. 24 for the kickoff of RSA Conference USA 2014, one of technologys largest and arguably most important events for the security community.
On hand for the event will be RSA Executive Chairman Arthur Coviello, FBI Director James Comey and Juniper Networks Senior Vice President and General Manager of Security Nawaf Bitar, just to name a few.
In advance of the conference, Channel Partners has taken a look at some of the trends and developments expected to be front and center. In a Q&A released on the 18th, Gartner vice president and distinguished analyst Avivah Litan said attendees should expect to hear a lot of talk about the recent security infractions that had made customers incredibly nervous of late.
Many of the speakers and vendors at the show will likely leverage the plethora of security infractions of the last year to create a sense of urgency for more intelligent solutions,” she wrote. I expect intelligent analytics and context aware security to be underlying themes.”
Also big at RSA 2014: data sovereignty, identity management and privacy.
On Tuesday, Coviello is expected to devote his keynote address on the topic of identity,” which RSA says lies at the heart of online security.”
“The rapid growth of cloud, social and mobile technology is pushing how we protect and manage identity to the breaking point,” the company says. Those same technologies combined with the insight of big data, however, point the way to how we can redefine and recreate identity for the Age of Intelligence-Driven Security.”
In a much anticipated session, FBI Director Comey will discuss The FBI and the Private Sector: Closing the Gap in Cyber Security.” Comey is expected to offer insights on the threats to our national security and the work being done to prevent it. Hes also expected to make the point that the security community needs to close the gap between the government and the private sector a controversial position given the governments involvement in deep data collection and analysis.
Given the increased number of threats to the nations digital infrastructure and data integrity, a number of technology professionals are calling for the security community to become more proactive and aggressive when it comes to protecting virtual assets. On Wednesday, Feb. 21, Art Gilliland, senior vice president with HPs Software Enterprise Security Products group, is expected to call for the industry to stop looking for the silver bullet” and start thinking like a bad guy.” In his keynote, he is expected to point out that organizations worldwide spent roughly $46 billion last year, most of it on defense. Despite the huge sum, institutional security breaches increased 20 percent over the year previous.
While the security industry looks for silver bullets, criminals are investing more, sharing more and working harder,” he notes in show materials.
That theme criminals working in concert is relatively new and troubling, according to RSA Conference Program Committee Chairman Hugh Thompson. In a video released before the show (below), Thompson listed it along with four other themes likely to take center stage in San Francisco.
According to Thompson, the five big trends hes following are:
Privacy: Spying. Hacking. Personally Identifiable Information (PII). These and other topics are front and center today thanks to the recent attacks sustained by retailers Target, Michaels and others. Add in the ongoing data collection by the National Security Agency (NSA), its Prism program, and you can understand why the security community has been upset of late, Thompson says. Watch for plenty of discussions around a new buzz-word, data sovereignty” and a wave of privacy-related legislation to follow as a result, both in the U.S. and abroad.
Security and Convenience: These two forces have never been more in conflict than the present, security specialists agree. But Thompson believes one maxim above all others when it comes to this issue: Individuals will always optimize for convenience. Security that inhibits convenience is giving way to security that makes something easier to do,” he says. Driving this are innovations including the iPhone 5s, which shipped with a thumbprint reader, and Dropbox, which has challenged IT professionals to balance security and convenience like few other innovations.
Organized Cybercrime: As disturbing as it sounds, cybercriminals are working together more than ever before. In fact, they have developed a basic, channel-like” model, Thompson says, that resembles those deployed by vendors to sell commercial products and services. The channel for cybercrime pools resources to maximize reach by offering rewards and incentives for cybercriminals who work together. This includes bot herders who coordinate botnets through informal arrangements and others. This relatively new and disturbing phenomenon is a sign of industry maturity, not to mention bad news, says Thompson.
Cyber metrics: In past years, organizations have thrown the works at their data centers, networks and data repositories with the hopes that they blanket them in protection. But more sophisticated methods for assessing and addressing vulnerabilities are coming to fore. Thompson says its possible to measure some degree of efficacy around controls. He likens it to Moneyball,” which transformed professional sports management. Instead of talent and intuition, which was used from everything from baseball to insurance underwriting, metrics are driving purchasing decisions.
Humanized security: Lets face it: If not for people, most security problems would go away. But people like to click things they shouldnt. They give away information to those who dont require it and, worse, unwittingly relax protections to those who mean to do us harm, Thompson says. Thankfully, advances in psychology and technology are addressing the security industrys weakest link people. Watch for discussions around these advances at the event and beyond throughout the rest of the year.
While cloud, mobility and risk will permeate almost every topic at RSA Conference USA 2014, Thompson adds, BYOD is likely to take a back seat compared to 2013 when it was foremost on everyones mind.
Finally, attendees and security watchers alike should watch for a flurry of new product announcements and program introductions leading up to the event. On Tuesday, Feb. 18, for example, cloud security start-up Elastica came forward with an announcement that it is ready to release CloudSOC, its solution for making cloud applications and services secure for use by companies and their employees.” The company also announced that it had received $6.3 million in Series A funding from Mayfield Fund.
Like many, it will be competing for attention next week at RSA Conference USA 2014 in San Francisco.