The RSA conference is an IT Security conference held around the world several times a year. One of the bigger events in this series is in San Francisco – usually in late February or early March. This year’s conference was from Feb 24-28 at the Moscone Center.
Here is some background about this conference. “RSA” refers to a public-key encryption technology, which is widely used in secure data transmission, developed by RSA Data Security (founded in 1982). The abbreviation stands for (Ron) Rivest, (Adi) Shamir, and (Leonard) Adleman, the inventors of the technique. The idea of an RSA conference focused on Data Security originated in 1991. The conference’s focus expanded from cryptography to broader IT security issues. This year, 40,000-plus people attended the conference, and 700-plus vendors filled the North and South Expo Hall. Three major vendors, IBM, Verizon and AT&T Cybersecurity, pulled out of the conference this year over concerns surrounding the novel coronavirus, or COVID-19. There were several health and safety measures used by the conference organizers, including disinfectant wipes at all check-in counters, hand-sanitizing stations near each touch-screen interactive campus map and way-finding station. Less than 2% of the attendees canceled their participation (many from China where they were not allowed to leave the country).
The theme for this year’s conference was Human Element. While Artificial Intelligence (AI) is being increasingly used to thwart security threats, the perpetrators of security attacks are also employing AI to increase the surface of threats. The constant element across this tussle are the security professionals – who are the attendees of the conference. That is the human element.
Rohit Ghai, president of RSA, summarized this in his opening keynote by saying the actions taken by the attendees affect every aspect of humanity. The responsibility of IT Security Professionals is not just protecting the data, but every aspect of our lives – from election hacking to weaponization of social media. Ghai also urged the audience to celebrate successes at a collective level – to share the best practices and recipes to win. While the breaches that take place make the headlines – driving stories of security incompetence, the successes of thwarting or mitigating attacks rarely do.
Ghai had the tough job of speaking after George Takei, who opened the conference. Ghai passed the tough job baton to the security professionals in the room – talking about the increased security threats due to the growing use of cloud-based technologies, like containers, microservices and open-source orchestration tools. The speed of software development has increased – and so have the vulnerabilities.
To amplify the Human Element theme, the conference organizers listed dozens of personality elements – urging attendees to find the human element that best represents them. These elements were creatively presented in a tree of buttons, and attendees could take a button they identified with.
Steve Grobman, CTO of McAfee, was another keynote speaker. He pointed out that unpatched vulnerabilities remain a major problem.
Wendy Nather, head of advisory CISOs at Duo Security (part of Cisco), noted that security professionals cannot control what the end user is doing – including clicking on malicious links. As a result, security needs to be designed into all processes.
There were several other keynotes from noted speakers including Ann Johnson, corporate vice president of Cybersecurity at Microsoft; Kara Swisher, co-founder of Recode; Andy Ellis, CSO at Akamai, and Mary Barra, CEO of GM. Space and time constraints prevent us from writing about all of them.
With increasing cybercriminal activity, the Global IT Security industry is expected to cross $1 trillion in spending over the next few years with 12%-15% year-over-year growth. It is expected that cybercrime will cost the world $6 trillion annually – from DDos attacks to ransomware to breaches. The RSA conference definitely arms IT Security professionals with the intelligence, insights and connections they need to prepare for the tough challenges posed.
Prakash Narayan serves in the Executive Committee of ATEA. A BITS Pilani alumnus, Narayan received an MS in CS from IIT, Delhi. He worked for over two decades at Sun Microsystems, before he co-founded Micello. He is a member of the Angel Investor group Keiretsu Forum, and also volunteers his time in several organizations, including TiE Silicon Valley.