Key Takeaways from the RSA Conference in San Francisco
The world has changed by the evolution of technology, and the role of technology has been changed as well.
The role of the internet has evolved.
When first introduced two decades before, people saw it as different space, cyber space, which was disconnected from real world, but now it is connecting the real world.
This is what Brad Smith, President & Chief Legal Officer at Microsoft Corporation emphasized in his key note speech, RSA Conference San Francisco at Moscone Center. Watch his full key note video here.
Security by itself, as well as technologies around security is becoming a hot topic for all business environment, politics, and every organizations nowadays. The concept may be vague since it covers a broad area, but I would like to wrap up some key topics as well as thoughts around it.
Topic 1: In the absence of security education or experience, people (employees, users, customers, …) naturally make poor security decisions with technology
There are various background theories regarding this issues, as many key note speakers, presenters, and industry analysts agreed and acknowleged.
Christopher D. Young, Senior Vice President and General Manager, Intel Security Group, introduced one of their initiative to improve education and internship for the students in universities, collaborating with Indiana State House. Watch the video here.
Some analysts mentioned that this talent shortage might have connections with the increase of interest toward automation, orchestration and management solution among the industry, which leads to the second topic below.
Topic 2: More traction of Orchestration and Automation solutions might have links to labor shortage in Security community
According to the survey titled "State of Cybersecurity: Implications for 2016" done by ISACA and RSA Conference in late 2015, more than 50% of the respondents specified that it took 3-6 months to fill a cybersecurity/information security position. More importantly, 59 percent noted the lack of qualification of half of the job candidates those were hired. Read the detailed report here.
These are significant challenges to many of the organizations, and industry experts mentioned this challenge and increasing traction in orchestration / automation solution has connection. Even if the security solutions in place have properly report an issue or an incident, it will depend on the personnel to take an appropriate action. Automation might help standardize or mitigate risk of this, especially if the individual lacks experience. Education improvement is one of the solution, but organization may not be able to wait until those students be ready to be hired by the enterprise.
Topic 3: Insight and Visibility solutions everywhere
"Real-time monitoring is now the foundation of security," said Martin Fink Executive Vice President, Chief Technology Officer, Hewlett Packard Enterprise, in his keynote speech. Catch his speech here.
Clearly, many solution expo booths had some kind of monitoring, reporting, insight and analytics solutions.
Yes, as we saw in the prevoius topic , these are the area that may contribute to several needs including operational efficiency and talent shortage.
However, since there are so many solutions that focuses on this topic, we also heard that some enterprise are lost and having difficulty to choose the best solution for themselves.
For instance, we heard there are 4 major ways to think and plan risk mitigation they are threat-centric, risk centric, data centric, and Identity centric approaches.
Surely there is no one answer that to be applied to ALL organizations, however here we would like to share just one idea – yes, the user identity is significant. Data is the engine of your IT system and resources. But how do you today leverage all of these, both in your private life and business environment? What do you indeed use to leverage these IT systems, identity, and data? YES – THE APPLICATION. Applications are what you use. Applications are what consumers care about. And that is why an application-centric approach maybe a good option for enterprises to consider.
There's an example of today's useful discussions in the following reference section. Enjoy, and hopefully it will help you move forward with your security challenges.
Reference: https://f5.com/security-octagon-debate