Feet on the Street: RSA Highlights Cloud and Cybersecurity

This week, several members of the SailPoint team made the annual trek to the industry’s biggest security event, the RSA Conference. As always, the conference was a high-paced mix of conference sessions, technology debates, and meetings with customers and partners.

I’m always interested in what themes get the most play at RSA. This year, I’d have to say that “the cloud” wins the contest hands-down. Cloud computing was ubiquitous – a centerpiece of most keynote addresses, a feature on booth signage throughout the show floor, and not surprisingly, the butt of quite a few jokes (example: let’s do a tequila shot every time we hear the word “cloud”).

In the show’s opening keynote, RSA’s CEO Art Coviello declared cloud computing “the most over-hyped but underestimated phenomenon in history” (borrowing a phrase from Nicholas Negroponte). Coviello went on to say that cloud computing presents us all with the rare opportunity for a “do over” – to be present at the rollout of a new wave of computing with security built-in from the get go. I have to admit I raised my eyebrows at this turn of phrase. I predict that the evolution toward cloud computing will be moderated and incremental – and not a “do over” by anyone’s definition.

Another interesting observation about this year’s show is the continued (and perhaps even bigger) blend of public and private sector speakers. Past years’ shows have featured Michael Chertoff, Melissa Hathaway, and Al Gore. This year’s speakers included Secretary of Homeland Security Janet Napolitano, Howard Schmidt, the U.S. cybersecurity coordinator appointed by President Obama in December, and Robert Mueller, director of the FBI. On Tuesday, Schmidt presented a keynote address and hosted a heavily-attended town hall meeting. In both of these venues, he conveyed a very measured and pragmatic approach to addressing the cybersecurity responsibilities of the federal government. He said more than once “there is no silver bullet.”

During an entertaining Q&A session with the audience, Schmidt revealed the following about his agenda:

  • He’s not a proponent of more regulation to drive better security practices. The one exception he mentioned was the area of data breaches (where there is pending legislation).
  • He assured the audience that any measures taken by the Fed will respect privacy and civil liberties issues.
  • He admitted that the Federal Information Security Management Act (FISMA) is archaic and needs to be changed. He mentioned that some changes are being rolled out this year.
  • He believes that we, as a society, are making real progress with cybersecurity. He pointed out that there are fewer devastating attacks and service disruptions than in previous years.

Unfortunately, Schmidt’s position is made all the more challenging by the bureaucracy and interest groups he will have to navigate in Washington – it’s not just a matter of fixing problems and fighting the bad guys. On a positive note, the amount of focus being put on the issue of cybersecurity at the federal level can only be a good thing.