The 20th RSA security conference concluded last Friday at San Francisco Moscone Centre.
Especially for someone like me, that had never attended the event before, it was an exciting experience, although a bit disappointing.
I have to admit that San Francisco’s rainy weather was partly to blame for that, although what really put me off is that in spite of being a globally-renowned event, the conference focus was almost entirely US-centric.
Indeed, the topics of most sessions were clearly targeting a domestic audience and the vast majority of the speakers were US-based.
This was, to a certain extent, understandable, given that RSA USA 2011 is only one of the events organised by the security vendor, which also hosts other regional conferences such RSA Europe and RSA China.
However, given the significant presence of international media, my expectations were slightly different.
Take the GRC (Governance, Risk and Compliance) sessions, for example. They were mainly tailored to US federal laws and as such, they wouldn’t really appeal to my Middle Eastern audience.
Unsurprisingly, the magic word on everybody’s mouth was cloud security.
RSA announced that it had finally managed to get to the bottom of the issue with the launch of a revolutionary Cloud Trust Authority, a unified platform which, according to the vendor, will guarantee identity, information, and infrastructure security as well as compliance reporting.
“Participating cloud service providers and their customers will only need to integrate with the Cloud Trust Authority to establish a variety of security integrations with each other rather than establish separate point-to-point integrations,” says one of RSA’s statements released during the conference.
However, the profound confidence shown by the RSA executives I spoke to contrasted with the scepticism reported in the market, suggesting that the security issues that cloud computing involves are far from solved with a single solution.
Don’t get me wrong. The Cloud Security Trust is definitely a step in the right direction, but we should not fall into the trap of believing that it will fix all cloud security vulnerabilities overnight.
Overall, the most fascinating session was probably the one on the impact of Wikileaks revelations on US national security, though the debate could have been classified as biased, one-sided and off-subject. .
It was interesting to see how US policymakers define the concept of threat to national security, often overclassifying information, as the involved parties themselves admitted during the course of the discussion, and how they perceive the world as an alignment of “ally countries” and “enemies”. A definitely politically-charged debate, which nonetheless provided a rare insight into the security policies of a usually secretive country.
As MSNBC.com technology writer Bob Sullivan brilliantly summed it up: “The more secretive we are, the more Wikileaks we will produce.”
Overall, the conference is worth a visit from a journalistic point of view. However, from an end-user perspective it might make more sense to stick to the regional versions.