 |
While I’ve attended the RSA Conference countless times, this year was particularly meaningful for me since I experienced it in my new capacity as RSA’s CTO. Every minute was crammed with customer and partner meetings, not to mention panels and speaking engagements. I also managed to squeeze in some time attending keynotes and dart around the show floor to round out my experience. Having caught my breath this week (somewhat!), I wanted to offer up my perspectives on key security trends from this year’s conference. The first trend is the rapid and inevitable deterioration of the perimeter. The increasing popularity of the cloud coupled with the proliferation of mobile devices, including those brought in by employees, are driving this change. More so, “users” from an IT perspective are not limited to just employees, but also include customers and partners. To address some of these issues, identity was a focal point in many conference sessions. In a perimeterless world, identity takes on greater importance because it is the only tangible thing you can hold on to from a security perspective. And identity is foundational because security, after all, is about ensuring that only the right people have access to the right resources at the right times. The second trend is the move away from prevention and towards detection and faster response. This shift was way overdue. Not long ago, vendors presumed that threats could largely be prevented up front. That hasn’t been true for quite some time. We can no longer keep the barbarians at the gate and must acquiesce that they’ve already made their way inside. The rules of engagement must change accordingly. To address these concerns, visibility was a popular theme this year — especially in the conference keynotes. By understanding what’s happening within your environment, you are far better poised to address the corresponding issues. One important consideration here is the idea of pervasive visibility. Don’t just focus on the network or on the endpoint. Have visibility across all of your IT assets. Otherwise, you’ll have blind spots that attackers will go after. Finally, the third trend, which builds upon visibility in many ways, involves trying to achieve more with less. While the information security challenges plaguing our customers are multiplying, the number of hands they have on deck to address these concerns simply can’t keep pace. The issue has less to do with budget and more to do with the dearth of qualified information security professionals. This theme was resonant in every customer and partner meeting I had. To address these concerns, some vendors offer technologies in security analytics (so that threats can be more easily identified and investigated). Another key capability in this regard is achieving business context so that you can understand how to prioritize your efforts. Not all threats are created equal. A bitcoin mining Trojan shouldn’t be handled the same way as a targeted attack developed by a sophisticated threat actor. Our customers are navigating a sea of issues. Attacks have grown in both sophistication and number, and organizations are hard pressed to provide an adequate response. The waters are indeed troubled. However, being cognizant of these issues will ultimately allow us to chart our course through the coming year. The post Key Trends from the 2015 RSA Conference appeared first on Speaking of Security - The RSA Blog and Podcast. |
