Edward Snowden, Data Breaches & the NSA: The 2014 RSA Conference

Edward Snowden, Data Breaches & the NSA: The 2014 RSA Conference

Last week, WorkIntelligent.ly provided updates from the RSA Conference in San Francisco. Today’s summary of the conference has been written by Ron Arden, Vice President, Fasoo USA, Inc.

It was a banner year for the 2014 RSA Conference, with more than 25,000 attendees and 400 vendors attending. In fact, just walking the show floor was like trying to walk through Times Square on New Year’s Eve. And Edward Snowden and the NSA were on a lot of different lips.

Art Coviello, executive chairman of RSA, gave the opening keynote, spending much of his time deflecting accusations of NSA collusion. Rumors have been rampant since last September that RSA, the security division of EMC, made a deal with the NSA to weaken key encryption standards and allow a backdoor for NSA tampering. Art sought to dispel these rumors, and told the audience that the RSA recommended replacing the supposedly compromised algorithm as a safeguard.

In talking to attendees during the conference, I got a sense that most people have a heightened awareness of the weaknesses in their security. High profile data breaches have been in the headlines for months, involving big names like Target, and businesses are finally starting to take serious action.

Common Areas of Concern

Three items on everyone’s radar were mobility, weak authentication and protecting intellectual property from being lost or stolen. Many C-suite executives attending the conference were focused on risk mitigation in these three areas. A Tuesday session, entitled “Are Mobile Devices the Answer to the Strong Authentication Problem?,” had panelists discussing ways to better safeguard information access in light of the Edward Snowden security breaches, as Snowden’s primary means of entry was a privileged user’s credentials. Technologies to solve this problem were in evidence all around the show floor, including a number of multi-factor authentication solutions.

Intellectual property theft was also a hot topic, but more robust technology and a greater willingness from companies to deploy it will help limit future data breaches. Though hackers and criminals are getting smarter, making it more difficult to keep them out, a security approach with file-centric security as the core is the best way to protect intellectual property from getting into the wrong hands.  As someone famous once said, hope for the best, but plan for the worst.

Today’s Security Challenges

Another panel talked about moving beyond perimeter security and embracing better authentication and access controls. Think of today’s security as building a castle and expecting to keep the bad guys out with a few guards, high walls and a moat. Unfortunately in today’s world, the perimeter is full of holes and difficult to defend with this type of strategy. Employees work from everywhere, use their mobile devices and access information in the cloud. It’s difficult to even define the perimeter right now, but the solution may lie in authentication and access controls. These security features move beyond basic username/password-style security and focus on providing a real guarantee of your identity.

2014 RSA Conference Closing Thoughts

With data security on everyone’s minds these days, the 2014 RSA Conference had a bit of a different feel than prior conferences. The key takeaway was that businesses are finally taking steps to prevent problems before they happen, rather than the other way around. And with how critical information mobility is for growth in a changing economy, data security will only become more important for businesses looking to ensure that their information works for them – and not someone else.

Get more of your data security fix by checking out WorkIntelligent.ly’s recent RSA Conference updates here.

Ron Arden is Vice President of Fasoo USA, Inc., where he drives strategy, marketing and professional services.  He has more than 25 years of strategic planning, marketing, sales, business development, consulting and technical experience in the information technology industry.  Throughout his career, Ron has developed and delivered enterprise-wide security and information systems helping customers reduce risk and cost in their organizations. He holds a B.S. in Electrical Engineering from the University of New Hampshire.