With the Oscar award ceremony completed, the information security industry rolls out its own red carpet for its annual celebrity event, the RSA Security Conference, next week. I’ve written before about the pervasive “buzz” topics I expect to hear about next week. Here are 5 subjects I’d like to discuss:
1. Security software architecture. Enterprise software is based on technologies like transaction processing, middleware, and web services that allow individual applications to integrate into an enterprise architecture. To gain scale and efficiency, the next-generation of security software must be built on a similar software architecture foundation. IBM, McAfee, and RSA Security get this. So does Tibco which is why it acquired LogLogic. Will any other vendors talk about security software architecture at RSA?
2. Analytics algorithms. I am convinced that the industry is moving to an information-based model featuring big data security analytics. That said, CISOs don’t want to collect tens of terabytes of security data and then try to figure out what to do with it. The key to security analytics is a combination of stream processing, machine learning, statistical modeling, and nested algorithms. There is a lot of academic research in this area but little commercialization. Will vendors like Boeing/Narus, HP/ArcSight, SAIC, and Splunk get into this level of detail or hand out tee shirts instead?
3. Security visualization. Same thread as algorithms – security data visualization will move beyond pie charts and spreadsheets within the next few years. Oak Ridge and Pacific Northwest National Labs are doing a lot of work in this area. Will security vendors jump on the bandwagon?
4. The security skills shortage. I admit that I’ve done a lot of research around this topic so it is near-and-dear to me. Call me crazy but I believe this is a crucial issue that no one is talking about. I tried to do so myself by presenting my research at RSA but alas my proposal was rejected by the RSA mucky-mucks. I get it, this is not a sexy topic but an under-staffed, under-skilled cybersecurity workforce is as big a threat as anything. The bad guys are on the cutting-edge of cybersecurity offense while the defense lags further behind.
5. Hackers. This topic is better suited for Black Hat or Defcon but it should be an essential component of RSA as well. I expect cliché sound bytes describing how hacking is no longer the domain of adolescent whiz kids a la Matthew Broderick in WarGames (1983). Everyone gets this by now. What they don’t get is who the hackers are, how they are organized, and why they do what they do.
Trade shows are trade shows so you have to expect high-level conversations, marketing hype, and generous distribution of alcohol. I admit I enjoy the lighter side or RSA but I hope that the fun and frolic is balanced by serious discussions on an increasingly ominous subject.