RSAC

Gearing up for RSA 2015
Join us as we preview the hottest security trends in 2015 and gear up for RSA 2015
   9 years ago
#RSACInsight from RSA 2015
Join us as we discuss the key trends and insight coming out of this year’s RSA 2015 event.
John Furrier
Q: What trends from this list are most important? Internet of Things, Supply Chain risk, Threat Intelligence Sharing, Identity Management, Cyber Crime, Mobile Law, Government Policy, Analytics and Forensics, BYOS, Security Operations Center
Douglas Gourlay
Identity management system compromise was the root cause of most major expansion and data theft we read about last year...
Michael Osterman
IoT for the future, but supply chain risk at present. The Target breach is a good example of the latter given the lack of control that exists in the supply chain.
Leon Brown
I agree with @dgourlay - Identity Management is huge right now; it impacts all other items
John Furrier
@dgourlay It's interesting to lay out the topic and figure out dependencies - Identity seems to be a big one around the trust equation
Michael Osterman
To what extent will big data analytics to provide situational awareness be key in improving security? We can do that very well right now, but most don't.
Marina Donovan
@dgourlay - Lost or stolen devices (USB and laptops) were the number one source of data breaches in healthcare last year.
Paul Gillin
IBM just released a 700TB database of information on threats, malware, known security breaches for researchers to use for free. I wonder if people think that will be useful? http://ow.ly/LHyb3
Douglas Gourlay
@Marina__Donovan That doesn't surprise me one bit...
Marina Donovan
@dgourlay - The lost or stolen device breach is one that can be easily managed.
Douglas Gourlay
back to your list John - I think secured logging as part of your SOC is critical. Bad actors shouldn't be able to erase footprints...
Ken Jones
@pgillin OpenDNS has provided hugely useful data for years
Leon Brown
@mosterman Trend analysis against network traffic is big, as is analysis of app behavior to identify potential malware. Going forward? GPS derived LBS coupled with access/transactional data might prove informative
Marina Donovan
@dgourlay We also provide USB workspaces with #WindowsToGo that can be managed. This is a laptop replacement and great for contractors and #BYOD.
John Furrier
the billion dollar question: In this list above what are the disruptive enablers for companies and what outcomes do customers get???
Michael Osterman
@Marina__Donovan It's the most secure solution because it solves the dual issues of keeping IT in control and negating the potential for user errors.
John Furrier
We have some great guests today: @Marina__Donovan @leonnyan from #IronKey and @dgourlay from SkyPort Systems (new startup coming out of stealth). Folks share with the crowd what you're working on and key value prop.
Leon Brown
I make secure mobile Workspaces that allow you to run full Windows apps or use as 'secure endpoint' for on-line apps, VPN and VDI clients. And our EMS management systems to track, administer or remotely detonate devices.
John Furrier
I don't think @dgourlay can talk about his company; Doug what's public about Skyport Systems other than the money you raised.
Douglas Gourlay
well, I have some canned boilerplate I can probably paste here :)
Crowd Captain
some great info on @IronKeySecurity here from last week chat -with their top folks https://www.crowdcha...
Douglas Gourlay
but we are taking a pretty different approach from what I have seen - a Hyper-Secured Infrastructure solution designed to bring together compute, policy, virtualization, and security.
John Furrier
SiliconANGLE covered the news and tried to piece your story together http://siliconangle....
John Furrier
I am intrigued by SkyportSystems.com bc the mgt team are a bunch of old industry vets who hit home runs in past ventures; it's like a dream team of players; pressure is on guys
John Furrier
Can you teach an old dog new tricks..cloud is a young man's game - OH in Silicon Valley
Douglas Gourlay
The best way to learn to hit a home run is to learn to hit a single first and get on base a few times... You learn to avoid swinging at un-hittable pitches
Michael Osterman
@dgourlay Tell that to the Mariners...please!
Jeff Frick
@leonnyan > With increasingly better access, seems like devices will evolve into access point, not actually holders of the files/data.
John Furrier
Q: Cloud vs. other mobile solutions for the mobile workspace – why someone would use the cloud as opposed to solutions like secure USBs
Douglas Gourlay
I can't drop the cloud in a gutter...
Michael Osterman
@dgourlay Or leave it at a TSA checkpoint
Leon Brown
Convenience and centralized management/authority are big selling points of the cloud. The challenge is balancing that with convenience of local device security and performance - I can't do Excel in a browser.
John Furrier
Mobile security session looks interesting @barracuda we should get BJ Jenkins on @beege15 the chat https://www.rsaconfe...
Douglas Gourlay
but I can also control who has my USB key and I have to trust a 3rd party with no real audit optics I can see when I trust the cloud...
Michael Osterman
@leonnyan Local is preferable in the current model, but vendors like MS, Google, IBM would increasingly prefer users to do so. Excel in the cloud is the way that MS is going.
Ken Jones
sure but if you are on an airplane, access to the cloud is not an option or slow (even though you are in the cloud)
Marina Donovan
@dgourlay you can control who is using it and manage their USB key with IronKey.
Douglas Gourlay
There are a set of services that will be highly unlikely to make it into the cloud though and will always be on-prem or at least privately hosted..
Douglas Gourlay
@Marina__Donovan Oh I know - and that is awesome. My only point is I can drop it and lose it. It is much harder to lose my cloud :)
Michael Osterman
@dgourlay Which services do you think will be most unlikely to go to the cloud?
Leon Brown
@mosterman The preference today for hub-and-spoke clouds today I agree - very on-trend. But, what happens when I have 1TB of local storage on my portable device? Why would I use a centralized storage hub from a 3rd party vendor?
Douglas Gourlay
@mosterman I'll probably differentiate unlikely to from never will - but ones I would want to keep control over - DNS, Single-Sign On/AD, etc. Biz apps depend more on the nature of the regulatory environment and the skillset of your team...
Paul Gillin
I once found a USB drive in an airport lounge that was loaded with account numbers and personal financial info. Secure USB requires that people actually implement the security mechanisms.
Ken Jones
and back up an encrypted image of your device if you are worried about losing it. that is safe in the cloud
John Furrier
@pgillin great point Paul. The human error component is huge how does that get managed. iPhones have biometrics now is there a way to do this?
Michael Osterman
@pgillin @furrier Users will continue to be the weak link in the security chain no matter what vendors or IT do to enhance security. And, since it takes only one user to make a mistake, the problem will continue.
Marina Donovan
If organizations deploy secure USB like #IronKey, that can be managed. Your bases are covered. We manage the device and can remotely disable.
Michael Osterman
@Marina__Donovan @furrier That points to the critical nature of keeping IT in the loop and in charge of security even in an era of BYOD/A/C
Douglas Gourlay
John, think about two-man rules as well to address human error, human compromise. For fun Google Cisco's former SE: Terry Childs
Bert Latamore
@Marina__Donovan You can disable the USB drive when it is not plugged into something?
John Furrier
@dgourlay @Marina__Donovan crypto keys have the same idea
Marina Donovan
You need to plug in device and try connect to Internet. If it's been reported as lost or stolen, IT can remotely disable.
rolfwagnerjr
@mosterman security in the user workflow and ease of use play a key part in giving the end user a secure foundation. IT always plays catch up in today's world. Security embedded (and transparent) in the user workflow is key.
rolfwagnerjr
Biometrics offer speed of use for end users ensuring security is used on the device, BUT, biometrics have targeted applications.
Jeff Frick
@leonnyan > Only a matter of time. Google Docs work pretty well in a browser
John Furrier
@rolfwagnerjr I wonder the new biometrics with integrated sw - again I'm not an expert in biometrics but it's awesome on iPhone