Monday, April 14

Trip Report: RSA Conference

I just got back from the RSA show and I'm sure I'll need more than one post to cover everything I saw and heard of value. A couple of main themes for me were:

  • The move from security as the first-mover to business as the first-mover. In other words, security can't just sit in a vacuum trying to make everything more secure in unmeasurable ways - just spending as much as the budget allows on various improvements. Security requirements need to be driven by business requirements and risk analysis.

  • User-centric identity continues to emerge. In various discussions, there were lots of differing opinions on user-centric identity. Sun stood up an OpenID provider for employees and found that the technology was a little premature for non-trivial uses (like blog commenting or white paper downloads). Michelle Dennedy of Sun thought consumers probably shouldn't be trusted to approve information sent to online retailers (something I tend to agree with). Dale Olds of Novell has some creative uses of user-centric technology in mind that put the enterprise in control of enterprise data and enable the user to maintain control of how they will authenticate to various apps.

  • Networking. This was a fantastic networking event for me. Around every corner were people doing very interesting things who were willing to share ideas. In addition to catching up with former colleagues from Unisys and RSA, I had interesting discussions with people like Mark Wilcox, Kaliya Hamlin, Jonti McLaren, Pamela Dingle, Andreas Antonopoulos, Ari Juels and Sean Kline, James Costello, Jack Daniel, Kristen Romonovich and Sara Peters, Dale Olds, as well as others (I think I lost some business cards).

I really enjoyed the keynotes by Art Coviello and Malcolm Gladwell, though I already knew the stories that Gladwell told, having read the book. Coviello talked about Thinking Security where the word thinking is an adjective rather than a verb. Thinking Security adapts to its dynamic environment and changing threat landscape. This is perhaps the future of security technology - to be proactive in its ability to be reactive. ...more on that later.

I had interesting booth discussions with eEye, BioPassword, Compliance Spectrum, and M-Tech. I even had lunch with one of the great legal minds from Cisco. I didn't catch his name, but he provided some great food for thought around compliance and legal issues. Specifically, he mentioned that some security vendors are trying to force their technologies into law and it sounds like Cisco is fighting the good fight.

I'm going to have to stop here for now. I'm sure there will be more to come on RSA happenings.

2 comments:

Kristen Romonovich said...

Hello Matt,

It was great to meet you at RSA's security bloggers party. Will you be at CSI SX, Interop and Software 2008? It will be in Las Vegas, so I will be at the craps tables if you'd like to join me.

-Kristen, GoCSIBlog.com

Matt Flynn said...

I don't think I'm going to make it to CSI SX this year, but looks like it promises to be a good show for folks who have an IT infrastructure to lock down. Have fun though - Vegas is a great place for an event!