My feet have barely touched the ground at this year’s RSA Conference, and already there are too many talking points to mention.
One thing which immediately struck me is the sheer number of people attending this year compared to 2011. The reason for this, which RSA president Art Coviello addressed in his opening keynote: the last year has seen an unprecedented number of high-profile security breaches. If this isn’t sufficient reason for the great and good of the security industry to converge on San Francisco to discuss and dissect their experiences, then I don’t know what is!
The sheer volume of breaches in the past twelve months seems to have brought about a shift in the executive office’s attitude towards security policy. At the highest level, there is always a trade-off between the risk of a breach and the cost of the security required to prevent it. In the past, more often than not, most companies were willing to accept this risk, believing that even if they were breached the remediation cost would be less than taking more proactive security measures. This is perhaps why, at last year’s conference, it seemed like everyone was focused on GRC (Governance, Risk, and Compliance).
By contrast, this year the hot topic is taking risk seriously and implementing controls to ensure that breaches like the ones we have seen in the past year simply do not happen again. While no company can be fully immune to attack, this focus on being proactive rather than reactive to risk is promising and should result in better overall security. Funding for these sorts of controls should now be easier to come by, thanks to the wake-up-call the whole industry has been given.
Art’s keynote (which you can watch in full below) reinforced the need for proactive security measures and for our industry to shift its focus from a reactive stance that may previously have been the norm. Now that the full cost of a security breach (both financial and reputational) is better understood at executive level, there should hopefully be more backing for these projects in the years ahead.
Over the next few days I’ll keep you up-to-date with highlights, impressions and the debate we get stuck into at RSA. If you’re at the event yourself then let us know your thoughts on what’s happening in the comments section below, or Tweet me for a chat @ewizworld. I’m always open to suggestions of what else I should be taking a look at!
You can always see what else Gemalto is up to at our booth, #234, where we’ll be showcasing Strong Authentication for Windows DirectAccess, amongst other things, through the rest of the show.