Last week security experts and corporate IT folks met up at the RSA Conference in San Francisco. Security is always an important topic, made more so this year as several high-profile security organizations, including RSA Security and Verisign, were hacked. So what did the industry conclude during the week?
Here are some key takeaways as reported by attendees:
1. Technology is only part of the solution
The number of security breaches keeps increasing, and many people assume that a failure in the technology is to blame. While that is sometimes the case, there is also a huge human element in security. Take for example the DOD breach where a soldier sold classified information to WikiLeaks. Analysts say that many of the technical procedures put in place worked, but an insider was able to get through them to gather and deliver the information. The human factor can’t be removed from security issues, but enforced policies and procedures can help make even these types of breaches less frequent.
2. Better warm up to the cloud
Even while use of the cloud has skyrocketed, questions about security still plague its progress. An expert panel at the conference basically stated that the cloud and the advantages it brings are here to stay. In fact, SC Magazine quotes Chuck Deaton, director of information security at Humana, as saying:
“You will be assimilated.”
To some, the cloud is as scary as the Borg of Star Trek fame, but the message from the conference this year is clear: it’s not going away. Security is an issue, but it’s being addressed and will only get better.
3. BYOD presents huge security risks
Device. D stands for device. IT departments everywhere are struggling with employees bringing their own smartphones or tablets to work and connecting to the corporate network. Infosecurity Magazine even referred to BYOD as “Bring Your Own Danger” in an article full of scary statistics about the vulnerabilities these devices create. The article quotes a study released during the RSA Conference in which 59% of respondents said that employees circumvent or disengage security features when using their devices. Fifty-one percent of organizations reported data loss from the use of unsecured mobile devices. A single lost cell phone could offer a goldmine to someone looking to build personal profiles of employees or to use it to connect directly to corporate resources. Simply using a PIN code on your phone can virtually eliminate the risk. But few turn on such features.
IT administrators and ISOs everywhere are constantly looking for solutions. RSA highlighted many of the issues this year, and provided some solutions.
Did you attend the RSA Conference? What were your takeaways? And did you see the session on Star Wars? I heard it was the best.