3 Takeaways from the RSA Security Conference

Last week security experts and corporate IT folks met up at the RSA
Conference in San Francisco. Security is always an important topic, made more so
this year as several large profile security organizations were hacked including
RSA Security and Verisign. So what did the industry conclude during the week?

Here are some key takeaways as reported by attendees:

1. Technology is only part of the solution

The number of security breaches keeps increasing and many people assume that
a failure in the technology is to blame. While sometimes the case, it is also
true that there is a huge human element in security. Take for example the DOD
breach where a soldier sold classified information to WikiLeaks. Analysts say
that many of the technical procedures put in place worked, but an insider was
able to get through them to gather and deliver the information. The human factor
can’t be removed from security issues, but enforced policies and procedures can
help make even these types of breeches less frequent.

2. Better warm up to the cloud

Even while use of the cloud has skyrocketed, questions about security still
plague its progress. An expert panel at the conference basically stated that the
cloud and the advantages it brings are here to stay. In fact SC Magazine quotes
Chuck Deaton, director of information security at Humana as saying

“You will be assimilated.”

To some the cloud is as scary as the Borg of Star Trek fame, but the message
from the conference this year is clear: It’s not going away, security is an
issue, but that it’s being addressed and will only get better.

3. BYOD presents huge security risks

Device. D stands for device. IT departments everywhere are struggling with
employees bringing their own smartphones or tablets to work and connecting to
the corporate network. Infosecurity Magazine even referred to BYOD as “Bring
Your Own Danger” in an article full of scary statistics about the
vulnerabilities these devices create. The article quotes a study released during
the RSA conference in which 59% of respondents said that employees circumvent or
disengage security features when using their devices. Fifty-one percent of
organizations reported data loss from the use of unsecured mobile devices. A
single lost cell phone could offer a goldmine to someone looking to personal
profile employees or use it to directly connect to corporate resources. Simply
using a pin code on your phone can virtually eliminate the risk. But few turn on
such features.

IT administrators and ISOs everywhere are constantly looking for solutions.
RSA highlighted many of the issues this year, and provided some solutions.

Did you attend the RSA conference? What were your takeaways? And did you see
the session on Star Wars? I heard it was the best.