The RSA security event was hosted last week in San Francisco. Circa 40000 people converged together at the immense Moscone Centre to understand information security challenges & solutions old, new and very very new that may help to protect and defend us all in an increasingly complex digital world.
The core thread of this year’s event, the “Human Element” is the most important aspect of the IT security world. Human behaviour guided by a proactive security persona can deliver positive defence against all but the most focussed and complex attacks. However, humans are equally the ideal vector targeted for compromise to ensure attacks are successful.
The recent virus outbreak of Covid-19 (Coronavirus) did affect the RSA event in numerous ways. For the first time a number (not many) of large segments of floor space remained empty based on the last minute withdrawal of a handful of security vendors. The normal on stand giveaways contained a “must have” in various forms and packages – “hand sanitizer” (thankfully something finally got rid of stress balls). The fear of virus transmission via handshakes was highly evident with a ” will they, won’t they” shake hands mental dance undertaken by many even with hand sanitizer available to minimize the spread of the virus. I fear the fist and elbow bumping used by many continue through the year (please “no”).
With so many vendors, activities, people sensory overload quickly overtook physical tiredness. The “Human Element” remained the key theme for the event but wasn’t alone as the main story. All attendees will summarise their own event messaging take aways based on their own rationale for attendance but the following resonated from my personal perspective.
- The “Human Element” of course
- Security automation
- The impact of threat intelligence (fundamental)
- Next generation security operations
- The growing importance of the Mitre framework
- Device, connection and person security visibility
- Cloud & application development secure outcomes
- The benefits of a platform approach to security architecture
There were many many more topics than the eight above, but I noticed they were most prominent from my perspective in the underpinning storyboards of many vendors.
It was pleasing to see increased numbers of vendors reinforcing optimum security is not about prevention or detection but instead both with accelerated remediation to a known good state the ultimate security operational goal. It is impossible to prevent all inbound attacks especially when “the Human Element” remains the most important and accessible part of the digital engagement chain. Simplification, enhanced visibility, a dynamic platform plus a single page view integrating all vendors must be the essential goal for any vendor aiming for mastery.
I have mentioned a few times on these pages the benefits to all of “brilliant basics”. It’s time for us to strive for operational simplicity always (automation can help) to make a secure outcome, the default outcome for the system or application user whether it is a person or a “thing”. The user should not need to consider “switching on security” for a particular task or outcome, it must be inherent, automatically appear (ideally invisibly) and protect the user activity by design. We can do this today in both application development and security operational delivery environments but in too many cases allow culture and traditional ways of working to stall our progress towards a secure by default digital world. Synergy is the way forward to ensure a win win for all.
In summary the RSA security event remains a “must attend” event for anyone in enterprise information technology and security operations. The focus by attackers using the “Human Element” as the most effective control stack to breach should highlight to all that simplicity, knowledge and potentially automation of security controls to empower those same humans will ensure they become the first & best line of defence. We must be on our guard. Be aware on this same note, large scale email phishing campaigns with information updates about Covid-19 are circulating in the wild and starting to have an impact as increased numbers of curious users engage to gain more information. Turn up your defences, warn and educate yourself and your users.
The “Human Element” is without doubt the most important element in the security chain – working together we can also make it the strongest one.
Until next time.
Business Line CTO Computacenter UK (Networking and Security)