RSA Conference Focused On Practical Security Advice

From data protection to cloud computing to application development, this year’s RSA Conference is keeping an eye toward practical strategies for dealing with today’s cyber-threats.

The conference, which will run from 1 March to 5 March at the Moscone Center in San Francisco, has expanded this year to include 250 sessions across a total of 18 class tracks. Two of the class tracks—’Data Security’ and ‘Security in Practice’—are brand new.

The Security in Practice is focused on helping businesses deal with the day-to-day, practical challenges of implementing security, explained Hugh Thompson, chief security strategist at People Security and Program Committee Chair of the conference. “There’s been a huge need over the last couple of years for companies to focus on where their data is, how it’s being protected and what practically companies are doing when the rubber meets the road as far as data protection,” he said during an interview with eWEEK on 24 Feb.

The Security in Practice sessions touch on subjects such as how Brazilian banks deal with issues of authentication and how one enterprise transitioned to cloud-based Web security to protect its environment.

The Data Security track, meanwhile, will take a look at the topic of data breaches. Among the topics covered: the top 10 security breaches, what to do in the event of a breach, and a discussion of a lack of cooperation between law enforcement, lawyers, regulators and the breached corporations themselves.

Also featured prominently in this year’s conference will be sessions touching on securing cloud computing environments, Thompson noted. His comment echoed thoughts from Scott Crawford, research director for security and risk management firm Enterprise Management Associates (EMA), who during a briefing with journalists on 24 Feb. said that organisations are taking a cautious approach to the cloud. In a January survey, EMA found 11 percent of more than 850 respondents stated they definitely plan to implement cloud computing in the next 12 months. Of those, 75 percent favor a private cloud model rather than a public one, he said.

“A lot of the hype relative to the adoption is perhaps somewhat out of proportion, and a good deal of the reason for this according to our research is security and risk factors,” he said. “Security risk and compliance is a top factor in choosing a cloud technology or provider reported by 54 percent of the respondents in our study. … Organisations recognise they are giving up a certain amount of control in exchange for the benefits of the cloud computing model, so this really raises the bar on the visibility into the cloud environment, manageability for cloud computing and, to the extent that organisations do have some controls, what are the means they can use to gain control of their resources in a cloud computing model.”

During the briefing, Forrester Research analyst Khalid Kark said he will be paying close attention to the security implications of what he called the consumerization of technologies in the enterprise, including the growing use of social media and Web 2.0 technologies in the workplace. “Not only are we seeing a shift in technology, but really the velocity of this change has been unprecedented,” Kark said. “We haven’t seen this amount of technology change all happening at once within security organisations.”

The conference will also feature keynotes from executives from Symantec, RSA (EMC), McAfee and other companies, as well as speakers such as FBI Director Robert Mueller III and newly appointed White House Cyber Security Coordinator Howard Schmidt.