RSAC

Gearing up for RSA 2015
Join us as we preview the hottest security trends in 2015 and gear up for RSA 2015
   10 years ago
#RSACInsight from RSA 2015Join us as we discuss the key trends and insight coming out of this year’s RSA 2015 event.
Top Votes
John Furrier
Q: Cloud vs. other mobile solutions for the mobile workspace – why someone would use the cloud as opposed to solutions like secure USBs
[+] Show Hidden Comments
[-]
Douglas Gourlay
I can't drop the cloud in a gutter...
[-]
Michael Osterman
@dgourlay Or leave it at a TSA checkpoint
[-]
Leon Brown
Convenience and centralized management/authority are big selling points of the cloud. The challenge is balancing that with convenience of local device security and performance - I can't do Excel in a browser.
[-]
John Furrier
Mobile security session looks interesting @barracuda we should get BJ Jenkins on @beege15 the chat https://www.rsaconfe...
[-]
Douglas Gourlay
but I can also control who has my USB key and I have to trust a 3rd party with no real audit optics I can see when I trust the cloud...
[-]
Michael Osterman
@leonnyan Local is preferable in the current model, but vendors like MS, Google, IBM would increasingly prefer users to do so. Excel in the cloud is the way that MS is going.
[-]
Ken Jones
sure but if you are on an airplane, access to the cloud is not an option or slow (even though you are in the cloud)
[-]
Marina Donovan
@dgourlay you can control who is using it and manage their USB key with IronKey.
[-]
Douglas Gourlay
There are a set of services that will be highly unlikely to make it into the cloud though and will always be on-prem or at least privately hosted..
[-]
Douglas Gourlay
@Marina__Donovan Oh I know - and that is awesome. My only point is I can drop it and lose it. It is much harder to lose my cloud :)
[-]
Michael Osterman
@dgourlay Which services do you think will be most unlikely to go to the cloud?
[-]
Leon Brown
@mosterman The preference today for hub-and-spoke clouds today I agree - very on-trend. But, what happens when I have 1TB of local storage on my portable device? Why would I use a centralized storage hub from a 3rd party vendor?
[-]
Douglas Gourlay
@mosterman I'll probably differentiate unlikely to from never will - but ones I would want to keep control over - DNS, Single-Sign On/AD, etc. Biz apps depend more on the nature of the regulatory environment and the skillset of your team...
[-]
Paul Gillin
I once found a USB drive in an airport lounge that had was loaded with account numbers and personal financial info. Secure USB requires that people actually implement the security mechanisms.
[-]
Ken Jones
and back up an encrypted image of your device is you are worried about losing it. that is safe in the cloud
[-]
John Furrier
@pgillin great point Paul. The human error component is huge how does that get managed. Iphones have biometrics now is there a way to do this?
[-]
Michael Osterman
@pgillin @furrier Users will continue to be the weak link in the security chain no matter what vendors or IT do to enhance security. And, since it takes only one user to make a mistake, the problem will continue.
[-]
Marina Donovan
If organizations deploy secure USB like #IronKey, that can be managed. Your bases are covered. We manage the device and can remotely disable.
[-]
Michael Osterman
@Marina__Donovan @furrier That points to the critical nature of keeping IT in the loop and in charge of security even in an era of BYOD/A/C
[-]
Douglas Gourlay
John, think about two-man rules as well to address human error, human compromise. For fun Google Cisco's former SE: Terry Childs
[-]
Bert Latamore
@Marina__Donovan You can disable the USB drive when it is not plugged into something?
[-]
John Furrier
@dgourlay @Marina__Donovan crypto keys have the same idea
[-]
Marina Donovan
You need to plug in device and try connect to Internet. If it's been reported as lost or stolen, IT can remotely disable.
[-]
rolfwagnerjr
@mosterman security in the user workflow and ease of use play a key part in giving the end user a secure foundation. IT always plays catch up in todays world. Security imbedded (and transparent) in the user workflow is key.
[-]
rolfwagnerjr
Biometric offer speed of use for end users ensuring security is used on the device, BUT, biometrics have targeted applications.
[-]
Jeff Frick
@leonnyan > Only a matter of time. Google Docs work pretty well in a browser
[-]
John Furrier
@rolfwagnerjr I wonder the new biometrics with integrated sw - again i'm not an expert in biometrics but it's awesome on iphone
John Furrier
Welcome to the #RSA2015 CrowdChat preview of @RSAConference with guests @Marina__Donovan @dgourlay and myself
[+] Show Hidden Comments
[-]
John Furrier
I'm tweeting from Palo Alto, CA
[-]
Marina Donovan
Excited to be here and get the conversation going
[-]
Douglas Gourlay
I just landed in Washington DC, Dulles actually - greetings from Reston, VA
[-]
Michael Osterman
Greetings from sunny Seattle
[-]
Douglas Gourlay
I figure you cannot have a security chat without someone near DC listening - or speaking...
[-]
Marina Donovan
hi from Campbell, CA
[-]
Ariana Gradow
Thanks
[-]
Ariana Gradow
good to be here
[-]
Douglas Gourlay
So John, what is the hottest topic/technology going to be this year?
[-]
Marina Donovan
Use @ to reply
[-]
Marina Donovan
a long standing issue is the concern about insider threats
[-]
Marina Donovan
a la snowden
[-]
Michael Osterman
IMO, a key issue will be well-intentioned insider threats: employees using file sync and share tools, leaks from geolocation data, BYOD, etc.
[-]
Douglas Gourlay
@Marina__Donovan no single user or user credential should be empowered to destroy an enterprise or compromise too much data
[-]
Douglas Gourlay
@mosterman I wonder why we trust users at all... ;) We users do really stupid things - IT would be so much easier without them...
[-]
Michael Osterman
Another key issue will be phishing - an increasingly top of mind issue, particularly given the recent White House data leak that started with a successful State Dept. phishing incursion
[-]
Michael Osterman
@dgourlay Good point!
[-]
Douglas Gourlay
@mosterman Why don't we just treat all users on campuses, branches, etc just like they were at Starbucks or Home - require hardened policy enforcement point/proxies to get in/out...
[-]
Michael Osterman
Would users balk at that and be driven even more to personally owned devices, apps, etc.?
[-]
Michael Osterman
@dgourlay Would users balk at that and be driven even more to personally owned devices, apps, etc.?
[-]
Douglas Gourlay
@mosterman Some senior government officials seem to use BYOD or BYO Server exclusively... Most Silicon Valley corp types do now too :)
[-]
Michael Osterman
@dgourlay @furrier I believe that IT has more or less acquiesced to BYOD/A/C and are increasingly becoming strategic advisors, not system managers in their attempt to maintain security
[-]
Douglas Gourlay
@mosterman They may balk at it, or they may embrace it... Are users using their own phones/iPads/Macbooks a bad thing or a good thing? Jury may still be out...
[-]
Michael Osterman
@dgourlay @furrier Probably good and bad in most organizations: users can be more efficient, but it puts the onus on IT to become more proactive from a security perspective. They need to take on more of an advisory and leadership role.
[-]
rolfwagnerjr
@mosterman IT needs to define the sandbox for employees to work in. Totally agree. But the sandbox becomes mixed with BYOD.
[-]
John Furrier
@rolfwagnerjr what's the implications of this mixing with BYOD? is it a config or versioning issue
[-]
Jeff Frick
@dgourlay > Makes perfect since, since they usually are.
.@starbucks
[-]
rolfwagnerjr
config, yes. versioning, yes. Privacy mix becomes an issue, work privacy and personal privacy.. becomes complicated.