RSAC

Gearing up for RSA 2015
Join us as we preview the hottest security trends in 2015 and gear up for RSA 2015
   9 years ago
#RSACInsight from RSA 2015
Join us as we discuss the key trends and insight coming out of this year’s RSA 2015 event.
John Furrier
Q: Cloud vs. other mobile solutions for the mobile workspace – why someone would use the cloud as opposed to solutions like secure USBs
Douglas Gourlay
I can't drop the cloud in a gutter...
Michael Osterman
@dgourlay Or leave it at a TSA checkpoint
Leon Brown
Convenience and centralized management/authority are big selling points of the cloud. The challenge is balancing that with convenience of local device security and performance - I can't do Excel in a browser.
John Furrier
Mobile security session looks interesting @barracuda we should get BJ Jenkins on @beege15 the chat https://www.rsaconfe...
Douglas Gourlay
but I can also control who has my USB key and I have to trust a 3rd party with no real audit optics I can see when I trust the cloud...
Michael Osterman
@leonnyan Local is preferable in the current model, but vendors like MS, Google, IBM would increasingly prefer users to do so. Excel in the cloud is the way that MS is going.
Ken Jones
sure but if you are on an airplane, access to the cloud is not an option or slow (even though you are in the cloud)
Marina Donovan
@dgourlay you can control who is using it and manage their USB key with IronKey.
Douglas Gourlay
There are a set of services that will be highly unlikely to make it into the cloud though and will always be on-prem or at least privately hosted..
Douglas Gourlay
@Marina__Donovan Oh I know - and that is awesome. My only point is I can drop it and lose it. It is much harder to lose my cloud :)
Michael Osterman
@dgourlay Which services do you think will be most unlikely to go to the cloud?
Leon Brown
@mosterman The preference today for hub-and-spoke clouds today I agree - very on-trend. But, what happens when I have 1TB of local storage on my portable device? Why would I use a centralized storage hub from a 3rd party vendor?
Douglas Gourlay
@mosterman I'll probably differentiate unlikely to from never will - but ones I would want to keep control over - DNS, Single-Sign On/AD, etc. Biz apps depend more on the nature of the regulatory environment and the skillset of your team...
Paul Gillin
I once found a USB drive in an airport lounge that was loaded with account numbers and personal financial info. Secure USB requires that people actually implement the security mechanisms.
Ken Jones
and back up an encrypted image of your device if you are worried about losing it. that is safe in the cloud
John Furrier
@pgillin great point Paul. The human error component is huge; how does that get managed? iPhones have biometrics now; is there a way to do this?
Michael Osterman
@pgillin @furrier Users will continue to be the weak link in the security chain no matter what vendors or IT do to enhance security. And, since it takes only one user to make a mistake, the problem will continue.
Marina Donovan
If organizations deploy secure USB like #IronKey, that can be managed. Your bases are covered. We manage the device and can remotely disable.
Michael Osterman
@Marina__Donovan @furrier That points to the critical nature of keeping IT in the loop and in charge of security even in an era of BYOD/A/C
Douglas Gourlay
John, think about two-man rules as well to address human error, human compromise. For fun Google Cisco's former SE: Terry Childs
Bert Latamore
@Marina__Donovan You can disable the USB drive when it is not plugged into something?
John Furrier
@dgourlay @Marina__Donovan crypto keys have the same idea
Marina Donovan
You need to plug in device and try connect to Internet. If it's been reported as lost or stolen, IT can remotely disable.
rolfwagnerjr
@mosterman security in the user workflow and ease of use play a key part in giving the end user a secure foundation. IT always plays catch up in today's world. Security embedded (and transparent) in the user workflow is key.
rolfwagnerjr
Biometrics offer speed of use for end users ensuring security is used on the device, BUT, biometrics have targeted applications.
Jeff Frick
@leonnyan > Only a matter of time. Google Docs work pretty well in a browser
John Furrier
@rolfwagnerjr I wonder the new biometrics with integrated sw - again I'm not an expert in biometrics but it's awesome on iPhone
John Furrier
Open Question: Who will be the disruptors and who will be disrupted in the vendor landscape as customers are spending tons on security ...
John Furrier
@Marina__Donovan I wonder if it's a winner takes all if there are "religious" technical architectures in play.. can coexistence happen in the security model for cloud?
Ken Jones
security is a layered architecture. the more layers the "safer" you are
Douglas Gourlay
Illumio can definitely co-exist with a variety of tech. I think coexistence is necessary for customers to even think of deploying
John Furrier
@Ken_Jones_IK layered is great but what about overhead and data heterogeneous data silos - can they work well - or is that a non-issue with more compute and flash storage?
Ken Jones
overhead sells CPU cycles and there is an ever increasing amount of that
Michael Osterman
Will those CPU cycles be delivered increasingly from the cloud?
Ken Jones
both - things run faster with local clients even with cloud apps.
Douglas Gourlay
@Ken_Jones_IK concur - a good example is why Kayak on my phone is often faster than Kayak Website on my phone. Right function in the right place for the right access model.
Ken Jones
@dgourlay using a generic browser to access complex apps is not productive for users. clouds will work best with intelligent clients that can provide better user experience. eg MS OWA
rolfwagnerjr
@dgourlay Mobile is the future, using native apps. Facebook learned this the hard way.
John Furrier
Q: What does the sponsor list tell you about the event; key sponsors and more than 350 exhibitors, including Napatech, Ixia, Intel, Splunk, Cisco, FireEye, CA Technologies, Bromium, Damballa, the FBI, MITRE, Northrop Grumman, NSA, Palo Alto Networks
John Furrier
pretty diverse set of companies - are FireEye and Cisco competing?
Leon Brown
Big interesting SIEMs and networks security
Marina Donovan
seems like similar vendors from years in the past. with all of the high profile breaches, I think you will see more customers engaged and looking for solutions.
John Furrier
We had End User Computing CrowdChat yesterday and VDI didn't come up once - is VDI still viable or is it just being embedded into the fabric of security or software stack
Douglas Gourlay
As a new security company I have to say customer interest is exceptionally high as is appetite for novel and interesting solutions. New vendors are getting some airtime and ear-time from customers
Michael Osterman
I believe VDI is still quite viable
Marina Donovan
@dgourlay right. FireEye was featured on 60 Minutes last week and so was Cylance.
Douglas Gourlay
@mosterman Agree- VDI may have transcended to 'it works and is in use, so why discuss too much' It's a well deployed tech now...
John Furrier
. @dgourlay as newly funded startup what is your take on the incumbent players both hardware (Cisco et al ) and software (FireEye et al)
Douglas Gourlay
@Marina__Donovan I want FireEye's PR team :) Kara does a phenomenal job over there...
John Furrier
@Marina__Donovan I saw that 60 min segment - the sony story - important story
Marina Donovan
VDI needs better security for the endpoint with mobile workers.
Stuart Miniman
@dgourlay there's a ton of VC money into new security ventures - from what I've seen these aren't just features/products, but fundamentally new models for addressing security in a distributed way
Douglas Gourlay
HW has been primarily focused at network edge. SW has been primarily focused on BYOD or Application Agents. I do like what FireEye gets from analytics and such out of their system
Michael Osterman
@dgourlay There will have to be new security models and those increasingly focused on the endpoint. Every day there's a new story about how new vulnerabilities are popping up - yesterday it was how terrorists could hack into aircraft systems.
John Furrier
is the future an integrated software stack with security built in or bolted on afterward?
Michael Osterman
Yes to both - security at every level. Plus, I think we will see an increased emphasis on user training as a first line of defense.
John Furrier
@mosterman I agree and to Doug's point - it's operationalized not so much hyped up as the next big thing - it's already here
Marina Donovan
@mosterman absolutely. training and reinforcement of the training is key.
Douglas Gourlay
Given the integration complexity of some of these systems (60%+ of the mkt is in integration, mgd svcs, consulting) I think full-stack systems will be the major platform players over time. Security market always rewards good niche finding though
Texiwill
The Innovation Sandbox is the place to see what is coming new. The sponsors are very diverse.
Jeff Frick
@Marina__Donovan > Always the Big 3 > People, Process & Technology
Michael Fimin
@dgourlay It's all about integrations and open APIs nowadays, since no single vendor can deliver all and no single customer wants to be locked in one vendor system.