I recently returned from the 2009 RSA conference in San Francisco, and found it a worthwhile venue for getting the true pulse of the industry. Despite the current economic difficulties it is clear that businesses are still concerned about security and are investing in data leak protection (DLP), intrusion detection, scanning, and system log management. Surprisingly, however, at this year’s show there were very few developments on the encryption front. And in a way, I consider this silence as significant as “the dog that didn’t bark” in a famous Sherlock Holmes story.
For those unfamiliar with “the dog that didn’t bark,” it refers to a Sherlock Holmes story in which a dog’s silence (a non-event) was a critical clue to solving the crime. Similarly, I find the industry’s near silence on encryption to be significant. You see, encryption (and related key management technologies) are necessary tools to fight data theft. Yet the industry has seen a reduction in the number of encryption and key management vendors through consolidation and acquisition. What this near silence signifies however, remains to be seen.
One development that is generating plenty of noise is that the bad guys are getting much better at what they do. The days when a break-in was mostly an opportunity for bragging rights is gone. The attacks now are much more sophisticated and are often well-hidden from security software. The intent is to steal sensitive information and to use it for identity theft and fraud. The result is that we continue to see on-going losses of sensitive information, and the threat is getting harder to detect and prevent.
I remain convinced that until encryption becomes woven into our business applications we will continue to suffer continued losses of sensitive data. I’m not naïve about encryption as the solution – encryption is not a panacea to the data theft problem. It is not sufficient in itself to protect data. But it is a necessary component of a data protection scheme. IDS, DLP, and logging will never provide adequate protection by themselves. Properly implemented encryption has to be a part of any data protection scheme.
On a personal note, I hope RSA returns to the Moscone Center for the next RSA in 2010. The South of Market Area in San Francisco is vibrant and has left its urban decay behind. Great restaurants and cafes are abundant in the area and this is an inviting part of a beautiful city. I’m sure we’ll be exhibiting again next year with some interesting news!
Patrick