When the train that is the RSA Conference pulls into San Francisco next month, its arrival will mark 17 years since a small group gathered in Redwood City, Calif. to lay the groundwork for what would become the world’s largest IT security show.
The year was 1991, and the event, then known as “Cryptography, Standards & Public Policy,” consisted of no more than 50 people, all cryptographers. Two years later, the gathering became the annual RSA Conference and began attracting hundreds of people from all realms of information security.
Fast forward to 2008, and now 17,000 people are expected to converge on the Moscone Center. But, for an industry that is as fast changing, history likely means little to attendees. Instead it is all about the most current subject matter and viewing the latest products from the expected 375 vendors.
This year, organizers say, the 18 education tracks and 230 sessions will feature the widest array of content ever — an especially important development as threats and attacks continue to grow in sophistication and number. Awareness is at record levels, buoyed by compliance demands — such as Payment Card Industry (PCI) standards and well-documented data breaches, such as TJX.
“There is certainly reputation harm that can be done to a company that has faulty security,” says Sandra Toms La Pedis, area VP and general manager of RSA Conferences. “Identity theft continues to be one of the largest crimes.”
Additionally, a number of sessions will be dedicated to topics such as virtualization, digital discovery and the proliferation of Web 2.0 apps in the enterprise, she says.
The latter category also includes websites, such as Facebook, the popularity of which are inciting discussions among chief security officers who are torn between eliminating risk and satisfying the younger generation of employees, says Tim Mather, chief security strategist for the RSA Conference Advisory Board.
Meanwhile, Steve Orrin, director of security solutions at Intel, will address a threat related to extensible markup language (XML) web services, an increasingly popular technology in companies.
“[XML-based service oriented architecture] is becoming the de rigueur method for deploying applications and functionality, both to internal employees, as well as partners and customers,” Orrin says, adding that the majority of LAN traffic soon will be XML-based.
The problem, Orrin plans to tell the audience, is that XML can be “a carrier for a variety of malicious activities.”
A not-so-emerging threat — spam — is sure to get its share of coverage, too. As such, a number of speakers will devote time discussing socially engineered junk mail, Mather says.
The conference this year also will feature many technical sessions, including a new track called “Research Revealed,” in which top information security researchers will present their latest findings on a slew of in-the-weeds topics, such as kernel exploitation, reverse engineering and dynamic taint propagation, organizers say.
“This is really cutting-edge information coming from the top research labs out there,” La Pedis says.
As the discussion over software assurance and security continues to take hold within the industry, do not be surprised to see more developers and coders roaming the floor at RSA Conference 2008, organizers predict.
Tim Mather, chief security strategist for the RSA Conference Advisory Board, says there is a noticeable shift underway from older, static programming languages to more dynamic ones. This increased complexity and functionality, however, open the doors for more holes.
But developers charged with building applications for companies are being required on a more frequent basis to understand proper security techniques, Mather says.
“It would be my gut instinct that I think we see more developers this year,” he says. “We’re moving to Web 2.0. There’s certainly an awareness to increase that security, certainly more so than, say, five years ago.”
The “Industry Expert” track will return this year to feature highly regarded speeches from cryptographers Bruce Schneier and Paul Kocher, in addition to the head of information security for the 2008 Summer Olympics in Beijing.
More than 400 other speakers will inform and entertain the crowds, including keynotes from Malcolm Gladwell, author of the best-selling book The Tipping Point, and Jeff Hawkins, creator of the Palm Pilot, who has since founded a company focused on neuroscience.
More IT security-centric keynotes
are expected from Craig Mundie, chief research and strategy officer at Microsoft; RSA President Art Coviello; VeriSign Chairman Jim Bidzos; Thomas Noonan, general manager of IBM Internet Security Systems; Websense Chief Executive Officer Gene Hodges; Symantec Chairman and Chief Executive Officer John Thompson, and Herbert “Hugh” Thompson, chief security strategist at People Security.
The conference’s theme will focus on Alan Turing, considered the father of modern computer science. Turing is meant to represent how far the field has come since he began his work in artificial intelligence and cryptography in the early part of the 20th century.
Kind of like how far the RSA Conference has come since 1991, when a group of just 50 met for six hours at Hotel Sofitel in Redwood City.