In our Guide to Cloud Security at RSA, we highlighted a few topics we expected to receive major attention at the conference. Cloud security was, in fact, the topic du jour, and the speakers and content did not disappoint. Let’s see what attendees discussed at the conference via Twitter.
With the average organization’s employees using 923 cloud services, cloud security was bound to take center stage. An interesting discussion took place between Ben Rothke of Nettitude and Steven Fox, formerly of the US Department of Treasury, about the shared liability model of risk in cloud computing. Both security professionals agree that the customer always retains a certain degree of responsibility for data, even when that data is outsourced to a cloud provider. For example, enterprises are responsible for preventing data theft from compromised accounts, in which a user’s password is stolen, or from insider threat, in which a user with legitimate access to a cloud service abuses their access.
— Steven F. Fox (@securelexicon) April 23, 2015
Further to this point, Theresa Payton of Fortalice drove home the importance of the human element in security. The user-centric IT movement has gained steam recently, and security is at the forefront as companies wake up to the importance of frictionless security solutions. Not surprisingly, security pros shouted this message from the mountaintop at RSA.
— Fortalice Solutions (@FortaliceLLC) April 23, 2015
JP Morgan Chase is a leader in securely enabling their employees, according to James O’Shea of RBC. He hits the nail on the head with his comment: forward-thinking organizations address security and productivity hand in hand. The analogy of brakes on a car comes to mind. While technically brakes slow the car down, their purpose is to allow drivers to go much faster.
— James P. O'Shea III (@jposhea3) April 24, 2015
Former FinCo CISO Daniel Kennedy pointed out a key finding from 451 Research Analyst Adrian Sanabria’s presentation: third-party security nearly doubled in prominence from 2013 to 2014. Recent studies have revealed cloud as the hub connecting organizations, with the average enterprise connecting to 1,555 business partners via cloud services. A significant 8% of these partners are high-risk, meaning their internal security environment is not a reliable depository for your corporate data.
— Dan Kennedy (@danielkennedy74) April 21, 2015
We had also spotlighted the boardroom perspective on security as a prevalent topic at RSA, and, sure enough, presenters in this track delivered their sessions to packed houses at the conference. One of the driving factors behind the board’s increased attention to cybersecurity? The almighty dollar – or, more specifically, revenue and stock prices. FTSE CISO Jared Carstensen shared the data point that 80% of investors declined to invest in an organization if it had been hacked or had poor security.
— Jared Carstensen (@jaredcarstensen) April 21, 2015
Finally, leading security companies showed off their next-generation solutions, and there were several common areas of development from a technological standpoint. Companies including Skyhigh are leveraging machine-learning algorithms to analyze anomalies indicative of high-risk behavior such as compromised accounts and insider threat. Barclays CISO Troels Oerting confirmed this trend with an article on AWS’s new machine learning feature. Will Amazon coin the term Machine Learning as a Service (MLaaS)? Advancements in this technology offer security teams the ability to keep up with the overflow of information stemming from the consumerization of IT.
What Machine Learning Can Bring to IT Security. http://t.co/4ZGxiboBRn
— Troels Oerting (@TroelsOerting) April 22, 2015