In a few days, thirty thousand information security professionals from all over the globe will gather in San Francisco for the RSA Conference, the world’s largest information security event. After a year that included a number of high-profile data breaches, this conference will give the best minds in the industry a chance to share, learn and discuss some of the most important trends and topics in security today.
It’s a time of great opportunity in enterprise IT, which also means a time of growth and discovery for the security pros tasked with protecting and securely enabling their respective organizations. There are a few topics in particular I’m looking forward to exploring during RSA:
- Point of Sale breaches – In 2014, we saw a slew of POS breaches, and we now know that many of them could have been prevented with better security measures in place. For instance, one well-publicized breach came via a compromised vendor, who should have only received a minimal level of access to the client’s system. Interestingly, the Dell Global Technology Adoption Index (GTAI) found that, unlike other industries, the mid-size organization in the retail industry spends more of its resources on compliance-related security concerns than on hacker-related concerns.[2] It will be interesting to see if that spending shifts in response to these high-profile POS attacks.
- Mobility – Clearly mobility is driving a good deal of the security conversation today. In fact, according to the Dell GTAI, 44 percent of mid-sized organizations still say security is their primary barrier to expanding their mobile programs.[2] And they have legitimate cause for concern — mobile malware is becoming more sophisticated and beginning to mimic desktop malware in some cases. To guard against attacks, many organizations that do have a mobile strategy put restrictions on cloud access by company-owned smartphones (41 percent) and employee-owned smartphones (43 percent).
- Strategies for addressing data security – Just as necessity is the mother of invention, concerns about security will lead to new strategies for addressing data security. I think we’ll hear some forward-thinking companies suggest ways to have data be responsible for its own security. As security evolves from reactive to predictive to prescriptive, we’ll be embedding rules and policies into the data itself so that it can sense when it has fallen into the wrong hands. We’ll see solutions move away from pure role-based security to context-aware and adaptive security…and that will of course evolve as well. In the future, we will see that access to information will depend not only on your role, your location and the kind of device you use, but also on things like the kind of OS, the current threat level, the business request context, and more.
In addition to all of the things I’ve already outlined, I think we’ll hear a lot about security’s role in the software development process, advances and revelations in cryptography, cybersecurity legislation, social media threat vectors and online identity issues. I’m looking forward to all of the sessions and discussions on these topics.
Some of these topics might even be discussed in the panel I’m participating in with two Dell Security Fellows — Dell SecureWorks CTO Jon Ramsey and Dell Executive Director for Security Timothy Brown — about security’s evolution from a restrictive business model to an enabling one:
Thursday, April 23, 9:10 a.m. | Moscone North, Room 130
We hope to see you there.