Watching RSA from afar

So, I'm not in San Francisco this week attending the RSA Conference, despite my wishes. But I have been enjoying some of the blog reports coming out of this IT security show. Now some might be asking why I should pay attention to an IT-focused show like the RSA conference when our industry is still (despite all the buzz) heavily focused on gates, fences, analog cameras, guards and old reed-style contacts for intrusion detection. The answer should be obvious. While yes, mag stripe cards and security fencing may still define much of commercial security, it's rapidly moving beyond that and I'm watching our industry as a whole pay a lot more attention to what's happening at the RSA Conference versus the FenceTech show.

Some of the things I like coming out of the RSA show:

-- Data privacy and network authentication are topics we harp upon. So, apparently, does Bill Gates. In his address to the crowd, he was talking a identity authentication, smart cards and a migration from passwords to something of recognition or token presentation. Jack Vaughn covered the topic as part of blog community.

-- We got a press release from a company you probably know well if you're delivering access control systems: HID Corporation. The folks at HID were at RSA demonstrating what they call their Crescendo technology. Cut to the chase -- it's their card technology designed specifically for converged physical and network access. Given that they demoed this new product at the RSA show, it's a touch of commentary on who will be leading convergence.

-- You put a bunch of security people in a room and they're naturally suspicious. At the RSA show they naturally try to bust each other's chops in regards to network security and notebood security. AirDefense was apparently playing that game. The company was trying to spot unprotected wifi devices, and even noted some wireless networks pretending to be the official RSA network.

-- How many articles have you seen from industry magazines talking about how to talk to your company executives about security investments? Don't we always think that when IT security wants something, they get it instantly, but we've got to prove that the camera for the parking lot is worth the money? Well, it's no different on the other side of the fence. SC Magazine is a good read for IT-specific security professionals, and I love this report from RSA 2007 talking about how to convince the C-level that IT security spending is worthwhile. It's proof that security expenditures are handled the same way, whether you're on the "physical" or the "logical" team.