What should IT personnel and executives at enterprises know before adopting a cloud computing model? How are CISOs dealing with the trend of consumerization? How will mobile app stores affect the threat environment?
These questions and more will be addressed at the 2010 RSA Conference, being held Monday through March 5 at the Moscone Center in San Francisco.
Three of the main themes that will drive this year's conference are cybercrime, cloud computing and consumerization, according to industry analysts who participated in a pre-show teleconference on Wednesday.
Today's threat environment can be summed up with a quote from the 19th Century Irish writer Oscar Wilde: “It is a very sad thing that nowadays there is so little useless information,” said Chris Christiansen, program vice president of security products and services at IDC, during the teleconference.
In today's world, information has become a new form of currency that is accepted all over the globe, Christiansen said. All of the information on social networking sites, such as Facebook, MySpace and Twitter, is useful to somebody.
Christiansen and other industry analysts from Forrester and Gartner plan to discuss the IT security landscape in a session called “Industry Analyst Roundtable,” scheduled for Tuesday. They will delve into emerging threats and challenges including consumerization, cloud security, data breaches, deperimeterization, metrics and mobile security, and discuss how security vendors are responding to these issues.
Security executives from Intel, Equifax and Eastman Kodak are also planning to discuss the topic of consumerization, or the use of consumer-targeted technology in the work environment, during a panel session called “A CISO Perspective,” scheduled for March 4. Each panelist has dealt with consumerization and plans to give their perspective on the trend, as well as other changes occurring in the security landscape of many organizations, Khalid Kark, principal analyst at Forrester Research, who is scheduled to moderate the session, said during the conference call.
Currently, there are three major changes CISOs must understand and deal with, including a shift in technology, business expectations of a CISO and ownership of security, Kark said.
“Change will impact our security organizations here and now,” he said. “Without understanding those changes and acting and reacting to those changes, it will be hard to survive and be a real business player going forward.”
The rate at which technology change is happening in organizations is unprecedented, Kark said, pointing out that from 2008 to 2009, the adoption of social networking sites for use by businesses doubled – from 11 to 22 percent.
“It's fascinating that, in the span of a year, that adoption doubled,” Kark said. “It's a freight train coming and we need to figure out how to deal with it.”
Also today, the CISO's role is changing, Kark said. CISOs have more influence and visibility within organizations than they had in years past. They are expected to not only oversee the tactical and technical aspects of security, but also be involved in strategic business decisions, he said.
“Even a few years ago, it was unheard of for security to have that type of influence within an organization,” Kark said. “We have come a long way from where we were a few years back.”
Panelists will discuss how they are leveraging the visibility they have within their organizations, he said.
The most significant change in today's enterprise security landscape is a shift in ownership and the control of security due to outsourcing, Kark said.
“We are seeing a lot more people open up to the idea of outsourcing services,” he said. “IT infrastructure and the security of IT infrastructure are no longer in our control.”
Panelists will discuss how to manage and deal with that change.
Individuals from Verizon Business, SaaS web security vendor Zscaler, and web-based DNS management software provider OpenDNS also plan to discuss outsourcing and cloud computing in a session called “SaaS-based security solutions,” scheduled for March 3.
Cloud computing is one of the most hyped trends in IT security – and will also be another major theme of the show, said Scott Crawford, managing research director at Enterprise Management Associates, during Wednesday's call. He will moderate the session on SaaS.
“The number of organizations planning to adopt a cloud computing model is small compared to the hype and expectations in the market,” Crawford said.
A top priority and one of the most difficult challenges of cloud computing is ensuring data is protected, he said. Manageability and performance are other concerns.
During the March 3 session, panelists plan to discuss what organizations need to know before jumping into a service-based model for security.