It began with a kickoff from Captain Kirk himself, Star Trek actor William Shatner, leading to the inevitable quip that this year's RSA Conference would boldly go where no conference has gone before.
And with 25,000 attendees, 400 sponsors and exhibitors and 550 speakers, the claim was on solid ground. The gathering, held this week at Moscone Center in San Francisco, is the largest in its history, which dates back to 1991. The participation level shows the growing interest in a now $60 billion security industry that is expected to grow tenfold in the next decade, according to insiders.
Clearing the Air
Arthur Coviello, executive chairman of RSA Security LLC, the encryption giant that convenes the conference, started off in something of a defensive manner, devoting his keynote address to taking on recent allegations that the company in 2006 provided a flawed encryption program that would allow intelligence gatherers a "back door" to monitor widely used computer products. The deal, which was reportedly worth $10 million, was mentioned in a December 2013 article from Reuters news service, with allegations attributed to two unnamed sources.
In the address, recorded and posted on RSA's site, Coviello acknowledged that the allegations hurt the company because it was seen 20 years ago as being in the forefront of efforts to secure digital information against the government.
He said RSA only intended to work with the NSA in its defense efforts, rather than in an intelligence capacity, suggesting that the agency should focus on that role while allowing the Information Assurance Directorate to "spin off" and deal with cybersecurity. "If the NSA exploits a tradition of trust within the security community, that's a problem," he said.
The large hall of the Moscone Center was filled with vendors hawking new technologies to thwart malware makers, hackers, and identity thieves. Automated threat warning and incident response were big themes this year, according to reports.
"McAfee/ seemed to set the tone that existing defenses are obsolete and you can no longer rely on security," technology consultant Rob Enderle of the Enderle Group told us.
"You have to build it in and massively integrate it from the foundation out to the endpoints. Anything less just isn't good enough."
Social Media Threat
Session topics included hackers and threats; governance, risk and compliance; data security and privacy; cryptography; plus a forum focusing on 'the human element.' That track covers insider threats posed by social networking and discusses security awareness programs.
Another forum focused on policies, processes and technologies for managing employee-owned devices (MDM) and the spread of BYOD, or "bring your own device" programs at companies. Mobile malware, threats and device management were among the topics.
The hackers and threats forum included a discussion on the underground economy, new vulnerabilities, exploitation techniques and reverse engineering, while a more technically advanced segment included live demonstrations and code dissections.