- The move from security as the first-mover to business as the first-mover. In other words, security can't just sit in a vacuum trying to make everything more secure in unmeasurable ways - just spending as much as the budget allows on various improvements. Security requirements need to be driven by business requirements and risk analysis.
- User Centric identity continues to emerge. In various discussions, there were lots of differing opinions on user-centric identity. Sun stood up an OpenID provider for employees and found that the technology was a little premature for non-trivial uses (like blog commenting or white paper downloads). Michelle Dennedy of Sun thought consumers probably shouldn't be trusted to approve information sent to online retailers (something I tend to agree with). Dale Olds of Novell has some creative uses of user-centric technology in mind that put the enterprise in control of enterprise data and enable the user to maintain control of how they will authenticate to various apps.
- Networking. This was a fantastic networking event for me. Around every corner were people doing very interesting things that were willing to share ideas. In addition to catching up with former colleagues from Unisys and RSA, I had interesting discussions with people like Mark Wilcox, Kaliya Hamlin, Jonti McLaren, Pamela Dingle, Andreas Antonopoulos, Ari Juels and Sean Kline, James Costello, Jack Daniel, Kristen Romonovich and Sara Peters, Dale Olds, as well as others (I think I lost some business cards).
I had interesting booth discussions with eEye, BioPassword, Compliance Spectrum, and M-Tech. And even had lunch with one of the great legal minds from Cisco. I didn't catch his name, but he provided some great food for thought around compliance and legal issues. Specifically, he mentioned that some security vendors are trying to force their technologies into law and it sounds like Cisco is fighting the good fight
I'm going to have to stop here for now. I'm sure there will be more to come on RSA happenings.