Hot Topics from the RSA 2013 Security Conference

My colleagues and I attended the 2013 RSA Security Conference last week in San Francisco, and with well over 20,000 attendees, RSA was very busy and better attended than in recent years. After the conference I polled my colleagues for their “take” on the event.  

Here is a small part of what we took away from the keynotes and security sessions:

1)      On the topic of Advanced Persistence Threats (APT) – if I had a nickel for every time this term was mentioned, I’d be rich – there is a connection to FDE (Full Disk Encryption) in that Secure Boot is part of the solution to APT’s. See my previous blog for more information on Secure Boot and WinMagic’s demo at RSA.

2)      Big Data. Once again is a recurring theme of the show. In this context, much of the discussion was around the act of analyzing vast amounts of data from multiple sources to create new insights into user behavior. In fact, it is now possible to create new, highly sensitive data, by mining multiple sources of normal routine data. As a result, this aggregated data can cause new privacy and security concerns. For example, in one session called “Big Data Calls for Big Security!” it was questioned if the existing privacy regulations even applied to this created data. It will take years for the lawyers to sort this out.

3)      Embedded Security (an oxymoron perhaps??). While laptops and PC’s are secured to a reasonable level nowadays, I was aghast at some of the stories with respect to security practices for embedded systems.  I think that there is lots of opportunity for encryption and other security improvements in embedded systems such as printers and photo copiers and even ATMs.

4)      Social Networking Attacks Automated. In one session titled “SocialKlepto Corporate Espionage with Fake Social Network Accounts” the researcher actually wrote a program that automated the creation of LinkedIn profiles, with the end result being the attacker could monitor the business activities of his targets.  (I’m turning on all of my privacy settings on LinkedIn.)

5)      Mobility. Of course any conference of security experts not addressing BYOD security would be remiss.  Resistance is futile. Most security experts have given up on attempting barring user-owned smart phones and tablets from the enterprise and are looking for creative ways to protect their information from leaking to or from the devices. I saw some elaborate network based encryption solutions. Of course basic precautions such as ensuring that the password protection and encryption is turned are a good place to start.

This is just a small sampling of the thousands of conversations generated by the conference sessions and keynote speakers. The battle continues to be waged against cybercrime, but this battle will not be won anytime soon.

Previous Post
7 Myths of Encryption
Next Post
Nothing a patch can’t fix

Related Posts

Why Apple Matters in The Enterprise

It’s always interesting to get into the Mac vs. Windows debate as it relates to the Enterprise. For the longest time, the corporate IT stack was predominately Windows-based, but not any more. With the introduction of the iPhone and iPad,…
Read more

What is going on in Healthcare?

I’ve talked about data breaches due to a lost laptop before. They’re common, painful and usually generate horrible publicity. It continues to be alarming how many of these devices that are lost continue to be unencrypted. Looking around lately, there’s…

Windows 8 is here! Now what?

As someone that’s worked in IT for the better part of 14 years, I’ve seen my fair share of product launches. When it comes to operating systems, it’s always a cyclical engine; big flurry of attention at launch followed by…

WinMagic Certified Secure Validation

Today SanDisk announced their new SSD offering, the X300s – it’s their first drive to feature encryption capabilities. As part of this announcement, WinMagic also announced that SanDisk is the first drive partner we work with to complete the WinMagic…
Read more

Leave a Reply

Your email address will not be published.

Fill out this field
Fill out this field
Please enter a valid email address.

Menu
Contact Us

This will close in 15 seconds