With 15 keynote presentations, more than 700 speakers across 500+ sessions, over 550 companies on the two expo floors, and a record number of 43,000 attendees, last month’s RSA Conference in San Francisco was a hub of activity.
Several key recurring trends and ideas emerged, including artificial intelligence (AI) and machine learning. Time will tell if this was just hype; that is, a fancy way of saying we do heuristic processing that anti-virus vendors have been doing for some time now— but it seemed like a rising security trend.
Visibility and analytics were also a main part of the RSA conversation. Analytics for security is based on the assumption that you can’t block everything, but it’s best to shorten the time to breach detection. I saw some interesting examples of creative visualization of network and server interactions to help differentiate analytics offerings.
On the other hand, I was expecting to see more on Internet of Things (IoT) security, but I walked away from the exhibition disappointed. Apart from discussions around the security of closed systems like utilities, I think the industry hasn’t yet decided whose problem IoT security is to solve: the manufacturer, the telco/mobile operator, the app developers? In his keynote, Bruce Schneier called for regulators to step in and regulate the Internet of Things. But, I wasn’t surprised at the high level of interest the crowd on the exhibition floor had for this topic.
There’s no doubt that the proliferation of IoT devices is creating millions of security holes that not only security professionals, but everyone who has smart devices in their home will need to deal with.
For example, in AT&T’s recent Cybersecurity Insights report, 85 percent of 500 organizations surveyed said they are considering, exploring, or implementing an IoT strategy. One-third of respondents said that they have a staggering 5,000 or more IoT devices in their organization, yet 88 percent of respondents said they lack confidence in the security of their business partners’ IoT devices.
Vendors will be challenged to provide IoT security features based on limited budgets, the decentralized approach of most IoT implementations and the minimal computing resources available on these devices.
No one at the conference claimed to have a silver bullet that solves the IoT security problem, and they shouldn’t. However, we as an industry still seem to be in a reactive mode when it comes to IoT security. With billions of IoT devices being deployed in the coming years, the time to act on security is now.