As I met with people at RSA Conference last week, the common question was: What was interesting and new? My view was from the world of virtualization and cloud security, which often differs from general or mobile security. This show was more about general and mobile security than it was about virtualization and cloud security due to the confluence of VMware Partner Exchange (PEX) and RSA Conference. There were quite a few things that were new from the show floor, RSA Innovation Sandbox, and other conversations.
What was Interesting at RSA Conference
There were several things that caught my eye at RSA Conference, in temporal order they were:
- Sky High Networks at RSA Innovation Sandbox (they demonstrated their Cloud Service Discovery and Rating system)
- Bromium at RSA Innovation Sandbox (they discussed support for MacOS X and Andriod devices)
- The HyTrust Announcement of being awarded 3 patents and the fact that their name was on every single RSA Conference badge.
- HyTrust has competition in the form of Xceedium. Xceedium not only protects access to management constructs but also to the guests themselves. It could also be used besides HyTrust, perhaps cooperation if you already own HyTrust.
- Cloud Security Alliance summit where Homeland Security insisted we need to share threat data across all organizations (public and private) and Dave Asprey of Trend Micro explained who was ultimately responsible for cloud security (The Data Owner).
- The show floor was much larger this year, so much space was assigned to booths that there was an overflow room under the escalators.
- Mitre was talking about their STIX and TAXII standards for transferring threat data within and between organizations, pretty much what Homeland Security insisted upon.
- The Edges of the show floor seemed to be visited more than the center
- NetCitadel’s One Control as a single enforcement point for security policy (plus much more planned)
- There were a growing number of tools that presented solutions that cross devices: mobile, data center, virtualization, and cloud (ala Symantec, Trend Micro, BitDefender, RSA, etc.)
- Nearly each country was represented from Canada to China.
- Secure file transfer was all around the show floor all trying to either augment or become the next Dropbox
Some things do not change
But other than what was new, was the discussions about things that seemingly do not change:
- The low hanging fruit of virtualization security, segregate your management constructs, is still not understood well
- There is an antagonistic attitude between virtualization and cloud management folks and security folks with one (security) saying do something and the other (virtualization) delaying or ignoring
I am actually not surprised by these items but a bit disappointed. What is good about this, is that the conversations continue. There is quite a bit of collateral available for education from this site and others.
Conclusion
While this was the biggest RSA Conference I have attended, many conversations were the same from years ago. Yet the question of what was interesting at the show differs from person to person. Most interesting to me outside of companies and announcements was the ongoing dialog about virtualization and cloud security. These conversations I continue to enjoy.