RSA Wrap-up, Part 2
Given that it's the largest security trade show in world, we thought one day of RSA wrap-up couldn't cover the breadth and depth of the show. Here's a round-up of some other notable trends that emerged from the show. And here's to staying safe until RSA 2013.
The 2011 Global Encryption Trends Study was published during RSAC 2012. Sponsored by Thales and conducted by the Ponemon Institute, the reveals that encryption is now seen as a strategic issue and that organizations are increasing their investment in encryption across the enterprise.
The study shows that the CIO, CTO or IT leader still tends to be the most important figure in deciding encryption strategy (39% of respondents), but non-IT business managers have an increasing role in determining that strategy (more than doubling since 2005 to 21% of respondents), demonstrating that encryption is no longer seen as just an IT issue but one that affects an entire organization.
The main drivers for deploying encryption solutions are to protect brand reputation (45%) and lessen the impact of data breaches (40%). Compliance is also a major driver for using encryption with 39% of respondents saying it is to comply with privacy or data security regulations and requirements.
Compliance is also driving increased budgets with the highest IT security spend dedicated to data protection in countries that rank compliance as the most important driver for encryption. Compliance is in fact the number one driver for using encryption in the US, UK and France. - Steve Ragan, Security Week. See full article here.
- iOS is cool, Android is not, and BlackBerry is dead: That’s not to say BlackBerry is gone, but it’s just a matter of time, as almost everyone in the room was migrating to another platform. It’s also not that Android isn’t showing up on corporate networks – it is, but with caveats. We’ll get to that. iOS is generally accepted as okay, mostly because of the way the App Store screens applications prior to availability.
- Everyone has policies. Most are not enforced. We spent a good portion of the session talking about policies, and everyone agreed that documenting policies is critical. Though enforcement of these policies is clearly lagging, especially for senior folks. But any employee seems to know the corporation can wipe their device, and many folks at the show have wiped devices, and even got a thank you from the user (who actually appreciated their help.) Wait, what? Yes, employees were happy the corporation wiped the device. That’s a security win.
- MDM is still young: Almost everyone was looking at something to manage devices. But most of the solutions weren’t enterprise-class yet. This is going to be a huge market and there will be a lot of competition, so don’t sign long-term deals.
- Good Technology is everywhere: One of the caveats of using these smartphones is using something like Good to create a sandbox, so employees can only access corporate data through that secured app. Most were using it for email, and some have extended it to proxying other apps, even on Android. So they’ve basically reduced corporate use of smartphones to a single app, but it seems to work. I’m sure Motorola is ecstatic they spun Good out a few years ago. --Mike Rothman, Securosis. See full post here.
The RSA security conference took over downtown San Francisco this week with thousands of attendees packing vendor parties at restaurants and clubs. The festivities were a throwback to the heady days of the Internet boom, when venture capitalist funds fueled a bubble that burst in 2000 after years of hype surrendered to an inability to generate profits. - Antone Gonsalves, CRN. See full article here.