Looking beyond the marketing hype at RSA 2014, it's becoming clear to me that certain information security topics and trends that just six or eight years ago were niche at best are now hitting the mainstream. Years ago, you may have seen one or two discussions around these topics at RSA or other such security shows, but they were often hit or miss. Now they're here, on our radar and in our faces.
Here are three topics enterprises should expect to see even more of in the coming months:
- Awareness. Training and education in regard to awareness have been around forever. It's been shown to not work time and time again. But now we're seeing more about the science behind education and learning and ways to be super creative so users can get -- and stay -- on board to becoming part of the solution rather than the problem (i.e., continuing to impede security efforts). Yet I must admit, anytime humans are involved (ill intent or not), I'm not terribly optimistic.
- Privacy. We're currently moving into a world where everyone is an open book. The main theme I'm seeing around this at RSA 2014 is how people will willingly give up their personal information and then complain once they realize how businesses are using it. I believe the topic of privacy is going to be huge moving forward. From collecting the information from consumers to securing and disposing of it … you're going to need to think about how your business deals with privacy involving customers -- and even your own employees.
- Cloud control. Now that cloud usage has become the norm, we're realizing it's out of control. Regardless of security policy, it's every user to himself or herself -- doing whatever, whenever on the Internet. What used to be thought of as a nonissue is now emerging as hundreds of "unauthorized" services traversing the network. Security teams have, at best, minimal insight and control. Something is going to have to change.
There are a few other notable security topics that will likely enter the enterprise radar, such as (more) advanced malware and better incident response, as well as metrics and maturity models that keep trying to find their way in.
While the RSA Conference is winding down, these areas of information security are winding up. Keep these topics in mind. A huge part of information security is engaging the management team and selling them on what you believe is best for the business. Well-funded security budgets have a basis in meaningful and impactful contributions, so do what you can to keep these issues alive.
About the author:
Kevin Beaver is an information security consultant, expert witness, author and professional speaker with Atlanta-based Principle Logic LLC. With more than 25 years of experience in the industry, Beaver specializes in performing independent IT security vulnerability assessments of network systems and applications. He has authored or co-authored 11 books on information security, including the best-selling Hacking for Dummies as well as Implementation Strategies for Fulfilling and Maintaining IT Compliance. In addition, he's the creator of the Security on Wheels information security audio books and blog providing security learning for IT professionals on the go. You can reach Kevin through his website, www.principlelogic.com, follow him on Twitter at @kevinbeaver and connect to him on LinkedIn.