Will the new presidential administration make America's cyber defense a priority? And with more businesses moving their resources to the web, what does that mean for security? This and more will be addressed at the 18th RSA Conference, being held April 20 to 24 in San Francisco's Moscone Center.
“We have quite a few sessions lined up to discuss cloud computing,” says Tim Mather, vice president and chief security strategist for RSA Conferences. “From an excitement perspective, it's probably the single hottest topic.”
And, he points out, several representatives from the federal government will be speaking on panels and track sessions to examine what the Obama presidency means for security. Will a cyber czar be appointed? Will the NSA take over the national security initiative? Is a federal data security bill a reality?
A new track this year, he says, will be looking at the convergence of physical and information security. This will be examining the design of critical infrastructure protection. A lot of industries and facilities, particularly nuclear power plants, refineries, water treatment plants, are vulnerable to attack and both physical and information security defenses must be in place and maintained, says Mather.
Another highlight he points to is the Research Reveal track that two security researchers have put together to look at anything that requires analyzing data sets, statistical analysis and malware trends. “It's a solid crunching of numbers with a lot of academic study,” says Mather. “A lot of theoretical thought work to reveal strategies people may use to attack.”
RSA's overarching strategy in putting this year's show together has been to emphasize a couple of things: being thorough and getting specific.
“We've advised speakers to go deeper, to get into details,” says Mather, “and to place a heavy emphasis on how does this apply to the audience. We want attendees to bring it home.” This involves the sharing of ‘war' stories, he adds.
More with less
“In the global environment, companies need actionable presentations, and there's a need to do more with less,” explains Sandra Toms La Pedis, area vice president and general manager of RSA Conferences. “A whole new wave of phishing attacks emerged as soon as banks showed vulnerability,” she says. “With the downturn in the economy, there are new opportunities for people to attack.”
The RSA Conference is focused on making sure people are on top of their game, she says. Mather adds that as disgruntled employees are laid off, there's a significant disruption within the enterprise, and this presents increased risk for insider attacks.
Also new to the RSA Conference this year is a half-day session on April 20 called the Innovation Sandbox that is devoted to new technology breakthroughs and solutions to help security practitioners face challenges. The session is calling out innovative new companies. A panel of experts will judge the proceedings and present awards.
Show goes on and on
Experts from one vendor, Veracode, say that 2009 is the year application security will move to the forefront, and two approaches will dominate the market: source code scanning and binary analysis. Veracode and other industry heavyweights, such as Oracle and Intuit, will lead a debate, “Software Security: Source Code vs. Binary Code Analysis.”
According to Metaforic CEO Andrew McLennan, the misuse of enterprise software (corporate piracy) is already increasing sharply and this will continue in the next year. Failing to deal with it will result in reduced sales and customers will be trained to use pirate software and avoid paying. This will compress future growth and make recovering money from existing customers extremely difficult.
This will be compounded by virtualization platforms being used to promote illegal software usage, both in the ability to run hacked software in an isolated ‘safe' environment and in the ability to mimic a single legitimate install across multiple instances of a VM.
Further, he says, as more software moves to virtualized compute platforms hacking efforts will move to compromising the lowest common denominator – the virtualization platform. Making these platforms truly secure is a huge issue as successful hacks in this area will lead to catastrophic failures in application and data integrity that could dwarf the losses seen in earlier years.
“With the current economic environment, enterprises are looking at ways to outsource their IT security to service providers in an effort to streamline capital costs and lessen the workload on already stretched thin IT departments, says Joel Silberman, VP of North America for Optenet. “Lay-offs will spur a dramatic increase in internal threats from disgruntled employees and reduced IT spend will motivate hackers to exploit enterprises with a myriad of malicious attacks. Utilizing integrated, customized and comprehensive security in the cloud will prove to be the only solution that can provide the security protections that enterprises require while living within budget and man power constraints.”
Silberman adds that 2009 will require a re-definition of service providers and how value added resellers (VARS) need to re-think their models to take advantage of the drive by enterprises to take on in the cloud services.
At RSA, Optenet will demo the latest version of its Secure Web Gateway.
Arthur Coviello Jr., executive vice president of EMC and president of the company's RSA business unit, will kick off the conference with a keynote. Other industry leaders speaking include Enrique Salem, who soon will take over as CEO of Symantec; Scott Charney, corporate vice president, Trustworthy Computing, Microsoft; John Chambers, chairman and CEO, Cisco; and Philippe Courtot, chairman and CEO, Qualys.
CNN senior legal analyst Jeffrey Toobin will moderate a panel of federal judges and lawyers, to discuss the increasing role of information security in the courtroom.
The show floor is shaping up, says La Pedis, with more than 350 vendors expected, and attendance at the event is expected to exceed 17,000 attendees.