The security world has now departed from last week’s RSA conference. On the show floor and in the sessions attendees receive carefully crafted and targeted messages. But rather than talk about vendors and presentations, I would like to focus on what drives the bigger pulse of the security industry — the main topics that filled the conversations of attendees in and around the show.
#1 Apple and the FBI
The top topic of conversation everywhere was the conflict between Apple and the FBI over demands for Apple to create an alternate version of iOS to give law enforcement access to locked iPhones. There was total unanimity among people I heard supporting Apple’s position to resist these demands. We are all in the security industry and appreciate just how hard it is to make systems secure at the best of times, and how poorly we are already doing at that job. Adding additional vulnerabilities is almost unthinkably reckless.
#2 Funding Drought
A topic that was missing from the talks and the vendor floor, but that was on many lips at the parties, was the funding drought and associated low valuations for security startups. After a couple of years where it seemed that any security based startup could get funding, we are seeing an aggressive pullback. This will likely lead to an acceleration of acquisitions of promising early stage security businesses by established players at attractive prices.
#3 IoT Security
Discussions of the security impact of the growing Internet of Things (IoT) were everywhere. Because IoT means so many different things to different people it was like a boogieman lurking in every dark corner. The common thread is that these devices are generally very poorly secured and hard to manage. They present direct risks if they control things like electric power infrastructure, medical devices or your car. They also create indirect vulnerabilities simply by existing with your network perimeter — having direct access to all of your other devices and data.
#4 Autonomous Devices
The news of the first “at fault” crash of a Google autonomous vehicle tied into this worry about the IoT and raised all kinds of questions about how liability will work with unattended devices that cause harm. Until legislation and the courts bring some clarity to these issues adoption of these technologies will be unnecessarily slowed.
#5 Cloud Servers
I heard some really interesting discussions of how the wholesale move of server infrastructure to the cloud is impacting businesses but this year more significantly how it will impact vendors of security devices. There will be a great deal of disruption to security appliance vendors when their customers completely cease buying physical devices. This will create tremendous opportunities for disruption in the security industry.
#6 Ineffectiveness of Security Tools
Finally, there was a lot of griping about the ineffectiveness of many existing security tools and the need for new kinds of solutions which can address and secure against even undetected attacks and ensure minimization of damage when a breach does occur. The Maginot line type of defense has failed for cyber security just as it failed for the French in World War II.
So while vendors were dishing out their specific messages on the main floor, the real important themes and issues were being discussed at the parties and other social events. RSA is always a great place to get a better understanding of what is really important to the security industry…you just have to know where to listen!