RSA's RSA Keynote: The End of the World as We Know It

Art looks tanned, relaxed and healthy. A $2.1 Billion deal will do that for you.

Oh, yeah. Back to the keynote. He seems to be channeling Joe Tucci (head of EMC). It's all about the information. "If you can't manage the information, you can't secure it." You think he's in the information management business?

Clearly the approach we've taken for security isn't working. I've said that once or twice before. So I'm there with him.

He's calling for THE END OF THE STAND-ALONE SECURITY INDUSTRY. Within 2-3 years. That's a Bill Gates-ian prediction a la spam. Interestingly enough, he's putting the nail in the coffin of his own damn conference. If there is no stand-alone security business, who is going to pay the tab?

Big is the new small. Boy, the stuff I wrote last year was right on the money. Kind of scary. I better think of some new stuff for this year. Did I mention the Pragmatic CSO? That's new, right?

Security is inextricably linked to business strategy. Man, that's Pragmatic.

Now he's talking about how security can "accelerate" business. That's crap. Didn't believe it back then, don't believe it now.

But security is a hallmark of all the big technology providers. It's true. Cisco, HP, IBM, EMC, etc. Security is a key part of what all of these folks are doing.

Security is not about firewalls and IPS. It's about cash, unimpeded business processes, the customer experience. Interesting. We haven't implemented "information security." Haven't focused on the information or linked security to the information. Amen.

The new term is INFORMATION-CENTRIC security. Start at the core and work out. Minimize risk. Three guiding principles:

1. Not about perfect security - security aligns with the value of the information they are trying to protect. Did Art read my book when I wasn't looking???
   
   
2. Needs to adapt - Pattern recognition right into the infrastructure. Kind of like anomaly detection-based approach. Based on behavioral techniques. It's the only way to defeat malware. Of course he pushes adaptive authentication. I do buy into that.
   
   
3. Requires defense in depth - Proactively understanding the risk to your organization. Intelligence sharing and a layered approach to security. Need to leverage security being built into applications.