As the annual RSA Security Conference kicks off this week, thousands of security professionals, IT managers, and senior executives will converge on San Francisco to discuss the latest trends and to share approaches that work. But don’t look to the stage for insights into the latest security issues.
The conference team starts working on session programming in the summer and fall, before many of the biggest security events of 2016 emerged, including the rise of the Mirai botnet, the disruptive attack against Dyn, allegations of Russian interference in the U.S. presidential election, and Yahoo’s two megabreaches. While there are scheduled sessions about the security of the internet of things (especially connected cars) and nation-state attacks, the bulk of the conversations will be about the mundane security issues IT deals with every day: social engineering, sophisticated malware, the challenges of managing a sprawling network, and others.
Not being cutting-edge may be a good thing. The RSA Conference is considered the biggest security trade conference, but its focus has always been about securing enterprise data and networks and helping people work and live more securely online. Black Hat and DEFCON, by contrast, are the conferences where hackers show off how to break stuff.
Attacks succeed when enterprises fail to get the basics right. When software is left unpatched or administrator passwords are easily guessable, there is no point getting distracted by the latest sophisticated attack. Look instead at the embedded and legacy systems still running Windows XP, or at how cloud security assessments should be performed.
So the RSA Conference is really about enterprise best practices. Expect some of the hottest long-running themes in security to be addressed:
- IT and security professionals interested in the intersection of security and devops will find a day-long track looking at trends in rugged devops and devsecops. Just imagine: Security, release engineering, and operations sitting at the same table.
- The Cloud Security Alliance will pack in practical information about securing cloud workloads, from the software-defined perimeter to security for IaaS and PaaS offerings. There will also be a technical analysis of “cloud first” ransomware — a terrifying prospect.
- A “security foundations” track will address the day-to-day challenges IT deals with, such as virtual machine and container security, along with identity and access management, especially the emerging FIDO standard.
- The new Ransomware Summit reflects the reality that ransomware is a big, serious problem. While 2016 was a wakeup call that enterprise IT needed to get back to basics and ensure regular backups, it was also a reminder that attackers are always innovating. A look at the underground ransomware economy will help attendees understand what enterprises are up against.
Ransomware is sure to be on attendees’ minds, but maybe they should worry less about paying the ransom. In a survey of 5,000 U.S. adults, Kaspersky Lab and HackerOne found that approximately 40 percent of respondents don’t expect companies to pay to get data back.
Reflecting concern about how the new administration will handle cybersecurity, Representative Michael T. McCaul, a member of the House Homeland Security Committee, will talk about cyberwarfare. No one yet knows what will be in the President’s cybersecurity executive order, but there is plenty to worry about regarding the security of critical infrastructure and federal IT systems.
The real action, however, will be on the show floor as usual. The best and most valuable discussions are in and around the lounge seating areas, around the water coolers, and in closed-door conversations. IT professionals are always curious about how their peers are handling security — and ready to share their stories.
Anyone feeling down about the state of security should listen in or participate in those conversations. That’s where hope is.