This was a great RSA conference for me and after meeting with many customers, prospects and friends in the security industry, I wondered if I would remember anything at the end of the week. However, when I looked at my notes, and thought about my interesting discussions and meetings, there were three common topics among everyone.
The encryption debate was an obvious one as it is not only the current hot topic, but also controversial. Second was around the consolidation in the security space with so many splits, mergers, acquisitions, and exits. The third one was the most popular one and also my personal favorite. It was on the actual technology of “Internet of Things”. It was a second year in a row that IoT has emerged as one of the hot topics at RSA. At some level the encryption backdoor of San Bernardino iPhone debate is also related to IoT and its security.
Here are some of the things I learned through customer meetings and the overall security community:
RSA Conference selects the topics through a committee based on many factors including what the customers are asking for and where the industry landscape is heading. They have more than 700 sessions, and Britta Glade, who is one of the committee members for selecting the discussion topics, said that IoT is the #1 topic this year in her report. She said that “IoT has moved to front and center”.
What was particularly interesting was the maturity of topic around IoT. We have progressed from discussing ovens, medical devices and a broad spectrum of devices that are connected, to talking about actual solutions, applications, and use cases.
For instance, there was a panel discussion on emerging theories of liability to manufacturers and vendors from legal and IoT perspectives. This panel was discussed by a group of legal counsel members. Another example was a live demo of exploiting vulnerability in a drone and taking the command control to exhibit the damage it can cause. If you think IoT will not reach your data center or legal meetings, think again!
Guess what the #2 topic was?
Industrial control systems (ICS) and the Internet of Things (IoT). Yes IoT was #1 and also #2 topic this year at RSA. In fact, it was also major part of the #3 topic: encryption on mobile devices, medical devices and POS devices. Britta said that ICS did not have much traction around ICS in the earlier years, but as IoT has received big traction, ICS has become #2 topic at the conference.
I have always said that any connected device is a threat, especially if it has privacy information or can remotely control ‘things’. ICS specifically were not built to be secured. In fact, they are built on old security protocols and approaches, and their data breaches can have large-scale catastrophic disasters. Think about that hacker who is in FBI custody for taking over flight control by hacking through in-flight entertainment systems. The most popular session in this topic was ‘Attacks on critical infrastructure that discussed about ‘banking threats’ through ICS’. True Story!
Over the next few weeks I’ll share my additional insights on IoT. Until then, check out this cool video to see how ForeScout can tackle the IoT security battle: https://www.youtube.com/watch?v=_8lIR9T0m-o