Much ink has been spilled about potential boycotts of the 2014 RSA Conference, but most signs indicate that next...
week's event will be business as usual.
Beginning Monday at the Moscone Center in San Francisco, the 23rd iteration of the most attended conference in the information security industry has been dogged for months by allegations of RSA's impropriety. According to a December Reuters report, RSA, the security division of EMC Corp., signed a secret $10 million contract with the National Security Agency (NSA) to purposefully employ the flawed Dual_EC_DRBG algorithm as the default option for generating random numbers in its BSAFE cryptography product.
View all of our RSA 2014 Conference coverage.
The security community reacted to the Reuters report with much hand-wringing, with some high-profile industry experts, including Mikko Hypponen of F-Secure Corp. and Josh Thomas of Atredis Partners, eventually deciding to pull their planned 2014 RSA Conference presentations.
The result of the industry rancor was the birth of next Thursday's TrustyCon, a day-long event featuring presentations by several RSA Conference refugees. Combined with the Security B-Sides event in San Francisco, the RSA Conference has arguably more competition for attendees and speakers than ever before.
However, there are few indications that the RSA Conference is facing any real threat.
For one, RSA Conference organizers have said that attendance for this year's show is expected to surpass last year's record of 24,000 attendees. Though hard numbers won't be available until after the conference, the expanded footprint of this year's event, utilizing the North, South and West buildings of the Moscone Center, indicates RSA doesn't expect a shortage of attendees or sponsors.
Featured speakers to include Coviello, Colbert
Despite the loss of some star presenters, the RSA Conference reports more than 500 speakers slated to participate in next week's show. Perhaps the most notable name in that lineup is comedian Stephen Colbert, who is expected to provide the closing keynote on Friday despite calls from many privacy advocates to cancel his appearance.
RSA executive chairman Art Coviello will take the stage Tuesday morning to give his customary opening keynote. Anticipation for Coviello's talk will likely be greater than usual, amid speculation as to whether he will address the NSA allegations in the same direct manner as he did the RSA SecurID breach at the 2012 RSA Conference.
Ben Tomhave, research director with Stamford, Conn.-based IT advisory firm Gartner Inc., said the SecurID situation was vastly different, and to not expect much official talk around the NSA.
"The SecurID breach was pretty public; everyone knew there was a breach. In this case, all we have are allegations related to one leak, with no real context around it," Tomhave said. "So I would be surprised if much was said about it all, especially given that doing so would potentially open the door to litigation as well."
Yet with such an intense industry focus on Edward Snowden's NSA leaks, Tomhave does expect privacy to be a major theme at the conference, especially after the International Association of Privacy Professionals (IAPP) stepped in to fill the open training spots vacated by Open Web Application Security Project, which backed out in protest of RSA's alleged NSA dealings.
Additionally, two new session tracks will debut in 2014: "Analytics and Forensics" and "Security Strategy." Forensics is a notable addition in light of the numerous recent reports that show organizations are unable to detect ongoing attacks in their environment or to even determine the extent of an attack after the initial discovery.
Cloud security will again be a major theme at this year's show, starting with the Cloud Security Alliance Summit pre-RSA event on Monday. Along with the usual array of sessions covering how to secure data in cloud environment, multiple talks specifically promise to offer security professionals advice on how to automate security tasks in the cloud. Tomhave was unsurprised that cloud computing continues to be a key topic of interest, especially as both vendors and cloud providers put more focus on security benchmarks such as SOC 2 and SOC 3 reports, as well as FedRAMP.
"We're starting to slowly see the impact of the SSAE 16 reports coming out, SOC 2 and SOC 3 in particular," Tomhave said. "So, the vendors and the cloud providers are actually having to go through that. FedRAMP, to a lesser degree, is also starting to impact cloud providers."
Mobile device security continues to plague many enterprises, especially those that have yet to adopt official bring your own device policies. The RSA track for mobile device security offers several sessions on the problematic area of mobile app security, covering everything from keyloggers targeting mobile banking apps to the securing of data within mobile apps.
While some might suggest today's pervasive social media landscape makes information sharing easier and lessens the need to travel to an event like the RSA Conference, Tomhave said he always enjoys the plethora of sessions available, but that he ultimately looks to establish key contacts that may not otherwise be made.
"Oh, there is a lot of value in those connections. There's a lot of business done that week. Those face-to-face connections are really important, especially for partnerships," Tomhave said. "There is such a premium on integration and working with your consultants and system integrators these days, I think that's where we're going to continue to see a lot of movement."