The end of February. The RSA Conference 2014. Downtown San Francisco with 25,000+ other security professionals. It’s big... really, really big... 400 exhibitors, 500 speakers and tens of thousands of attendees. But what was hot? (Other than Clearswift of course…)
Last year, there was a clear theme of security analytics. This year, the emphasis was on actionable security analytics. It’s no good collecting information, finding a problem and then not doing anything about it – actions always speak louder than words, and it’s no different in security, particularly when it comes to threats when they are in action. There was also an ongoing discussion no SIEM vs. Log Management... the argument being that SIEM was expensive and complex – so not something everyone could deploy. The reality is that we (as an industry) need to make the actionable intelligence in SIEM solutions easy to use. This isn’t about deskilling, it’s about creating more sophisticated solutions that anyone can use – after all, the cyber-criminal doesn’t differentiate.
In a similar vein, there was an emphasis on Smart Controls for security, whether it was around doing more with identity and access management, better use of devices and apps or improvements in security for information. The latter saw several companies with novel encryption approaches but none had anything like Adaptive Redaction – which we were demoing on our stand. For those that saw it, they wanted to see more... and then more again. The use of Data Loss Prevention inside the organization with our Secure Exchange Gateway (for which we won ‘Awesome Product of the Year’ at the 2014 Info Security awards during the event) also received a lot of attention. The general response from people that visited the stand was that Clearswift has changed in the past 12 months - and that we are creating innovative products that provide key solutions that help address the new and ever changing IT risks. The number of calls that our US team will be following up with should certainly keep them busy for quite a while!
The theme of our stand was “The Enemy Within” and we ran a survey on the topic at the conference, refreshing our ongoing global message that the majority of security breaches happen inside of the organization. Only 34% of those surveyed were not aware of a IT security breach within their organizations, with both inside the organization and the extended enterprise being equally responsible for the breaches that had occurred (70%). Organizations are falling out of love with BYOD, with 61% now blocking access where possible. Education of users and understanding the location of critical information were seen as the top 2 mitigation actions an organization needs to take over the next two years.
Lastly, 60% of respondents did not feel confident that they had the current resources, skills or technologies to address information security threats, which reflects the overall theme of the conference rather nicely. Let’s see how much the industry progresses in time for next year’s conference.