5 key takeaways from the recent RSA Conference

March 23, 2020
Endpoint security, zero trust and passwordless authentication among the industry hot topics at annual event

In late February, a horde of 36,000 security experts descended upon San Francisco’s Moscone Center for the 29th iteration of the RSA Conference (RSAC), one of the most popular annual gatherings for the online security-minded. After three decades, the RSAC has established itself as a powerful thought leader in the cybersecurity space. In other words, what happens at the RSAC matters in the industry in general.

For obvious reasons, the banking and telecommunications industries continue to be a big part of the discussions that go on at these conferences, particularly with regard to the latest expert opinions related to big data security.

With the castle-and-moat approach to security starting to show wear and tear in the form of an incessant stream of data breaches, these two industries find themselves at the front of the line to ferret out new approaches in the areas of endpoint security, zero trust, passwordless authentication, and anything else that holds promise.

The bottom line for banking, finance, and telecommunication companies is that, thanks to the enormous amount of data they accumulate, outdated methods of data security like the castle-and-moat approach begin to break down as networks grow more dispersed and complicated. In other words, the old way of doing things doesn’t scale well, and new data security steps will be necessary for businesses to properly secure their records and customer data.

For the 2020 version of RSAC, here’s what stuck out to me:

The Rise of CISA

For those who have sworn a sacred oath to learn as few acronyms as possible, let’s review. The Department of Homeland Security has a little cybersecurity agency known as the Cybersecurity and Infrastructure Security Agency or, you guessed it - CISA. What does this have to do with anything? Don’t we all hate, fear, or loathe the feds? Not so fast.

It turns out that CISA played a large role at the RSAC this time around, and not as the recipient of scorn and derision. As fate would have it, state and local governments are beginning to see the agency as a benevolent benefactor looking to share resources and money, the latter in the form of a (still in the works) $400 million cash pile used to fund cyber-related grants.

With Congress finally beginning to take seriously the need for paying attention to cybersecurity issues, don’t be surprised if we see more legislation intended to reduce red tape in interactions with state and local governments and fully fund that $400 million just mentioned. If you want to see it happen, call your congressperson. Often.

Endpoint Security Steps to the Head of the Line

While endpoint security has been gaining popularity over the past few years, judging from the focus on it at the conference, everybody’s paying attention now. In fact, by my admittedly amateur count, there were at least 120 vendors with products/services aimed at the endpoint security crowd - this out of around 700 total. That’s a pretty big footprint.


The bottom line is that if you haven’t been paying attention to endpoint security, 2020 would be a good time to start looking in that direction, whether you’re a large enterprise struggling to come to grips with the reality of cybersecurity or a small business semi-oblivious to the high fraud risk in processing online payments.

At this gathering, if you didn’t get your fill of the topic by wandering amongst the exhibits, given an appropriate amount of caffeine, you could have watched around fifty presentations and panels.

If you did that, you have my respect.

Wave Goodbye to the Password

Can you imagine an online world without passwords? There were 30 vendors at RSAC claiming to have perfected a method of authentication that doesn’t need the things yet still adheres to the FIDO2 standard. For review, the FIDO Alliance sets industry standards against which new authenticators in the market are judged.

Expect this topic to stay popular in the near term as major players continue to explore the idea of whether getting rid of passwords is a legitimate concept and how biometrics will pan out on a large scale. All I can say is that if it was good enough for Star Trek…

The Zero Trust Hullabaloo Continues

Zero trust. Is it a good thing or a hopelessly over-hyped thing? The jury is still out on that, but one thing is certain. We don’t seem to be getting closer to stemming the tide of information that continues to be stolen and offered for sale on the Dark Web.

Companies are offering related products and services for sale left and right. How do you know which perform as advertised without flipping a coin or tossing a dart? One way is to check out the Forrester Wave, an unbiased report on the top 14 Zero Trust providers for 2019. 

One thing is certain. While zero trust may or may not be the ultimate answer to the problem, the current ease with which bad actors penetrate network defenses makes it clear that we need a different approach. Perhaps zero trust is the answer. Or perhaps it will be something else. Only time will tell.

Beware the Real Virus

Normally, conference conversations center on the latest and greatest digital baddies, but this time around a little bug that goes by the name ‘coronavirus’ was a popular topic on everyone’s lips. While attendance was still respectable, there was a notable dip from the typical 40,000+ crowd. Additionally, Facebook, Verizon, and IBM cancelled at the last minute, and six Chinese companies were unable to make the trip due to travel restrictions.

While the coronavirus effect might still be considered modest at this gathering, if the disease continues to pick up steam globally, we could be looking at an even more sparse gathering at the next RSAC scheduled for Singapore in July. Hopefully someone will come up with an effective vaccine of some sort (and soon).

On the Horizon

The next RSAC will be held in Singapore in July of 2020, where the focus will be on defeating hackers in Asia, as well as a continued emphasis on the “human element” theme. If World War III doesn’t break out and the coronavirus doesn’t get me, I’ll be there getting my security fix satiated once again. Say “hi” if you see me.

About the Author:

Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.