April 20, 2009, 10:33 AM — Against an omnipresent backdrop of recession and uncertainty, IT security pros this week will gather at an RSA Conference focused on malware proliferation, protection of virtualized and cloud computing environments, and the specter of rising government involvement in their work.
Though attendance in recent years has hit 17,000, conference organizers say this year's 18th annual gathering will likely draw fewer to see and hear from some 325 vendors spread across the exhibit floor of San Francisco's Moscone Center.
One telling sign of the times: RSA Conference is extending free passes worth more than US$2,000 to 25 individuals described as "victims of corporate downsizing ... who lost their jobs due to the economic environment."
There will be no shortage of industry star power on hand.
Enrique Salem, who just this month became president and CEO of Symantec, will take the stage in a keynote address expected to delve into the exploding growth in malware and what approaches can be taken to confront it. His company just last week released its annual threat report summary, which points out unique malware specimens more than doubled in 2008.
RSA President Art Coviello, will try and rally the industry to tackle the security issues surrounding online collaboration, and mobile and cloud computing.
RSA will be announcing what it calls "Project Share," which will include offering the RSA BSAFE encryption toolkits -- specifically those used for C++ and Java applications -- for free. Such toolkits would otherwise cost tens of thousands of dollars and more. RSA is also expected to make significant announcements concerning VMware (which EMC also owns) and security.
Besides industry execs, the U.S. government will be represented in keynote presentations by Melissa Hathaway, the Obama Administration's acting director for cyberspace and Lt. Gen. Keith Alexander, director of the National Security Agency (NSA) and chief of central security services. Hathaway is expected to present the findings of the Administration's promised 60-day "Cyber Security Review," which could set a new pace for regulation and defense of networks pertaining to critical infrastructure.
NSA's Alexander will speak to the prospects for "public-private partnership" for cybersecurity. But the counterpoint is likely to come from noted writer, James Bamford, author of the "Shadow Factory" and other books about the super-secretive NSA, in his own keynote address at RSA.
Indeed, the RSA Conference is going to be a forum for the controversial theme of how far the government can or should go to take control of networks and conduct surveillance, and whether there is already something of a Cyber Cold War occurring.
Contentious issues in virtualization security will be debated by panelists that will include one of the founding fathers of software virtualization, Simon Crosby, CTO at Citrix, who helped invent open source Xen.
The security of cloud computing is a major topic at the conference, with 15 separate sessions dedicated to all aspects from cloud-based security services to identity management to legal implications.
And if the multitude of sessions at RSA isn't enough, within walking distance at a location nearby, the Jericho Forum, a user-based advocacy organization dedicated to driving improvements to security for e-commerce, will be holding its own mini-conference.
The Jericho Forum will be putting its spin on the security of cloud computing with the perhaps surprising belief that using a cloud can actually be more secure than running applications and databases out of corporate data centers.
The Jericho Forum doesn't believe that is the case today, but the potential for that level of security exists and should be pursued, says Adrian Seccombe, a member of the Jericho Forum Board of Management.
Working on a secure architecture now while cloud services are still evolving is key, he says; security can't be added later and be effective.
Essential to that architecture is the ability to wrap data up as objects that can be assigned a security value. Access to and treatment of these objects would then depend on the objects themselves rather than cloud infrastructure, Seccombe says. "The data knows who it should operate with," he says.
The conference will kick off Monday with a few focused tutorials, one being with the Trusted Computing Group (TCG), an industry organization that has designed several security specifications intended for use across vendor boundaries.
One of TCG's most important efforts has been the Trusted Platform Module (TPM) for hardware-based encryption capabilities. Joe McGinley, manager of global software security architecture at Diebold, a maker of Automated Teller Machines, will be on hand to describe how Diebold has added TCG's Trusted Platform Module, used with Wave Technologies management software, for public-key encryption security in today's automated teller machines.
"People try to spoof the cash dispenser all the time," McGinley notes, adding that Diebold's ATM, mostly based on the XP operating system, includes not just the TPM hardware but Symantec firewalling, host-based intrusion prevention and antivirus protections as well.