Recapping RSA: Online Security in the Era of iPads, Mobile Adoption

The RSA Conference wrapped up last week in San Francisco. Tons of vendors, journalists and security-minded folks (the Okta team included) converged to discuss the latest trends in online security and how companies can best protect themselves from cyber attacks. Below we’ve recapped several journalists’ takes on the show’s key themes.

Redrawing the Battle Lines: What We Actually Learned at RSA 2012 (ReadWriteWeb)

In his summary for ReadWriteWeb, Scott Fulton was surprised to notice that a strange new “culprit” for IT security breaches was taking precedence among conference goers: mobile devices and employees’ desire to have them.

Fulton noted that many of the presentations centered on employee adoption of mobile devices outpacing (and in some cases bypassing) IT’s secure support and infrastructure for these devices. This was a new theme for RSA and points to the growing need for IT to catch up and meet end-user security needs.

RSA Conference 2012 post-mortem: IT security in a "precarious spot" (Computerworld)

In his wrap-up post for Computerworld, George Hulme notes the somber tone of this year’s RSA, an effect of last year’s major security breaches at companies like VeriSign, Symantec and RSA Security. (We have a running timeline on the Okta blog.) In his discussion of IT’s security failings, Hulme cites Stefan Savage, a UC San Diego professor of computer science and engineering, who observed that these failings may be traced back to the industry viewing security as a technical problem. Said Savage:

“There is a massive human component to security. While there are lots of technical things behind spam and botnets, there are people behind all of that, and then there are people who make mistakes that many times let them [spammers and botnets] through.”

RSA Observations Part I (NetworkWorld)

The response to this year’s conference has been generally positive. Jon Oltsik’s RSA takeaways for NetworkWorld highlight some of the security conversations that resonated most:

  1. Security substance. “Beyond the hype, there was a lot of discussion about real universal security issues. How should large organizations address new threats, sophisticated malware, and targeted attacks? How can we get better situational awareness? What about risk management? These are the real topics that need a lot of air time.”
  2. Policy, policy, policy. “In the near future, security enforcement will be based upon granular policies around users, devices, network location, time-of-day, etc.”
  3. Mobile security mania. “There are nearly 100 companies offering some type of mobile security and/or MDM product. … Everyone wants a piece of this business but how do you manage all of these players … We need to secure these devices but I am not at all convinced that we know how this will play out.”
  4. Cybersecurity meets information security. “In the past, the cybersecurity community (i.e. the Beltway and the Feds) acted quite independently from the information security industry and security professionals. Washington had its own language and chummy organizations that remained foreign to the Silicon Valley security crowd. Given the synergies here, these two groups are slowly coming together.”