
Tag: Moscone

Registration opens up on March 27; attendees will be selected randomly.
NEWS ANALYSIS: RSA Conference 2014 provided plenty of food for thought after a year of enormous security breaches and revelations about government surveillance. The annual RSA Security Conference is an opportunity to take the pulse of the enterprise security business.

While other technologies wax and wane with consumer popularity, corporate security is one of those must-haves where last year's impregnably secure business looks like this year's Swiss cheese. After attending keynotes, briefings and walking the exhibition floor, here is my list of the top 10 trends that emerged from the 2014 RSA Conference.

1. Ghosts in the Moscone Convention Center: The biggest drivers for this year's event took place outside the confines of the Moscone Center. Edward Snowden is ensconced in Russia, but his trove of National Security Agency documents and the accompanying revelations have had an influence far beyond anything taking place on the keynote stage.

The security vendors, academics, standards committees and government security agencies have long had intertwined relationships. Those relationships were built on trust, or at least on an implicit understanding, that the rules of the road meant setting boundaries on protecting national interests and protecting individual privacy.

The Snowden debacle created a lot of rifts within the industry and between the industry and public, which requires the rebuilding of a lot of fractured trusts.

This year, the RSA conference and company are in recovery mode following speaker walkouts and alternative conferences taking place only a few blocks away.

2. This year's security box score: One of the ongoing topics at the RSA Conference is trying to guess if the good guys or the bad guys are winning the security battle.

The past year has not been a stellar year for corporate security and was topped off with the Target (a prescient corporate name if there ever was one) data breach that exposed credit data of an estimated 110 million people. Despite the many billions spent on security, tales of digital break-ins, identity theft and corporate digital espionage provide a daily reminder of the leaky ship that is today's corporate technology infrastructure.

The bad guys tend to be the fastest innovators.

3. Stop selling more boxes to solve every security problem: From the early days of corporate firewalls through authentication services, the tendency in the security business has been to cook up a new box to solve every new problem.

This made some sense when digital security was mostly about building a moat around corporate offices and directing people and resources to deepen and widen the moat. That corporate fortress model has withered as mobile devices, mobile workforces and employees anxious to use the latest cloud-based service have become the norm.

While there were still a lot of new boxes on display on the show floor, the days of CIOs and chief information security officers (CISOs) willing to manage many multiple security vendors and systems are clearly ending.

4. Maintaining security in the cloud computing age: The cloud is all the rage in corporate computing. In large part, enterprises are intent on building hybrid cloud environments where legacy apps still live in corporate data centers but the new stuff resides in a public cloud.

This mix of private, hybrid and public cloud does not make digital security and privacy protection easier. Traditional security vendors are racing to extend their traditional security products to this mixed cloud model. I went to several briefings and I thought Trend Micro and their “collapse the console” idea of an overarching private-to-cloud corporate security model is a good example of a company that understands the need to meld the old with the new. Security vendors that can extend their current services to embrace a cloud strategy will be the winners here.

5. Security Goes Open Source: I went to a Cisco press conference at RSA where the company talked up its OpenAppID capabilities, which, as the Cisco blog explains, is an “open, application-focused detection language and processing module for Snort [intrusion detection system] that enables users to create, share and implement application detection.” This means that Cisco's acquisition of Sourcefire (and Snort's creator Martin Roesch) will be instrumental in moving Cisco's newly found admiration for open-source products from rhetoric to reality.

The open-source model is having an enormous influence in many other parts of corporate computing, including hardware, networking and the traditional software stack. Security with its traditionally secretive nature has somewhat resisted the open-source movement, but that is changing.
From Monday, Feb. 24 to Friday, Feb. 28, I was trapped in the bowels of the Moscone Center at the RSA Conference here and listened to vendors large and small sell their wares and preach wisdom on the state of modern IT security. For the most part, it was an endless drumbeat of repetitive claims about enabling security and privacy in the post-Snowden era.

The irony of the claims is that many were made within earshot of the exhibit hall booth from the National Security Agency (NSA), which had a decent size floor space to give out information about the agency's activities. The U.S. government in various sessions made its cyber-security position known as well as its approach to privacy. Hidden deep within the RSA conference, and in a timeslot that pitted it against vendor keynotes on the main stage, was a single session that for me, defined my RSA Conference experience this year.

The session was a panel event titled "Watching the Watchers," and it included a who's who of government privacy leaders. Ari Schwartz, director of cyber-security privacy at the White House, moderated the panel. Joining him were Karen Neuman, chief privacy officer at the U.S. Department of Homeland Security, as well as Erika Brown Lee, chief privacy and civil liberties officer in the U.S. Department of Justice.

The final participant was Alexander Joel, civil liberties protection officer in the Office of the Director of National Intelligence. The Snowden disclosures have led the public to believe through myriad reports that privacy is not valued by the U.S. government and in particular the NSA.

The government privacy officers on stage at RSA don't hold that view. It is the job of those privacy officers to protect our privacy. Neuman noted that she runs the largest privacy office in the federal government and that the public trust is an operational goal not an aspirational one. "We build privacy into all of our operations," she said. "We are looking at ways of enhancing privacy rather than eroding it." During the session, a long line of conference attendees peppered the panelists with questions about how the government protects the privacy of regular Americans. One particularly intriguing question was whether privacy officers within the U.S. government are, in fact, advocates of the American people.

Another question was whether the privacy officers felt they received all the information they asked for from the various government departments they serve. Rather than dodge the questions, the panelists responded very succinctly. "I don't feel like I have been lied to, though in some situations, it took some time to get the information I wanted," Joel said. But he added, "It would take a vast conspiracy to mislead the privacy officers of the U.S. government." On the question of advocacy, Neuman said that it is the job of privacy officers within various branches of the U.S. government to be advocates for privacy internally within their own agencies. "It is sometimes challenging, but it's our job," Neuman said. That's what I personally took away from the RSA Conference—the lesson of the challenging privacy landscape.

The intersection of privacy and security is a minefield of complex issues that need to be navigated by tech vendors, users and governments. It is incumbent on all tech vendors and organizations to have privacy officers, and to continuously re-evaluate policies and operations to provide both privacy and security.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
San Francisco—The RSA Conference—which ran from Feb. 24 to Feb. 28 at the Moscone Center here—was bigger than ever. Packed with vendors and sessions, the event took up space at the Moscone North and South facilities as well as Moscone West, where the majority of speaker sessions were held.

Aside from the real rain clouds that covered the sky and drenched attendees during the week of the show, the big dark cloud hovering over the entire conference was the issue of RSA Security's involvement with the National Security Agency (NSA). It's a topic that was addressed by Art Coviello, executive chairman of RSA, in the event's opening keynote.

The NSA itself was very visible and physically present at the event in a booth on the show floor that included a captured German Enigma code machine from World War II.

The NSA wasn't the only U.S. government agency represented at RSA; the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) were present on the show floor and in the keynote hall with a speech from FBI Director James Comey. In this slide show, eWEEK takes a look at what transpired at this year's RSA event.
No joke: Stephen Colbert's not a fan of Edward Snowden's whistleblowing, the political satirist tells a packed house at the closing RSA Conference keynote speech. Stephen Colbert kept San Francisco's Moscone Center audience of around 6,000 laughing as ...
The two Internet powerhouses agree that it's time to stop fearing cloud security and embrace the future at the annual RSA Conference. The cloud is secure enough to use, said panelists at the annual RSA Conference in San Francisco on Wednesday. From lef...
Security conference in San Francisco meets with a wide range of protests by security professionals.

[Image: The RSA conference kicked off this week in San Francisco. (Credit: ZDNet)]

The RSA security conference (where the world's security companies come to do business with each other), opened its doors this week in San Francisco to a wide range of protests by security professionals who would otherwise be attending and speaking at the conference. The protests might be called "first world outrage" -- but the protesters affiliated with hacker conference DEF CON, organization Code Pink, and sold-out opposition conference "TrustyCon" are getting everyone's attention this week.

Wednesday's protest by two noted DEF CON-affiliated organizations (Vegas 2.0 and DC408) have bought out the entire nearby Chevy's restaurant and are turning away RSA attendees and speakers -- notably in the past hour, a visibly irritated Kevin Mitnick.

At the heart of the conflict are the weighty allegations that RSA deliberately weakened encryption standards in a contract with the U.S. National Security Agency to provide the government agency "back door" access. In December 2013, Reuters reported,

"As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned."

One of the security professionals staffing today's protest at Chevy's wrote in a blog post, "Our privacy was sold out for less than the cost of most luxury homes." RSA issued a statement denying the allegations.

Robert Imhoff, Co-Founder Vegas 2.0 and Chevy's protest lead told ZDNet today,

"RSA could begin to fix this by going on the record with a detailed response about the accusations. Instead, they've pulled an Edward Bernays and haven't answered the questions directly, leading many in the community to wonder what other shenanigans they have going on. It's time for RSA to come clean."

On Tuesday, Code Pink unfurled a hot pink "RSA <3 NSA" banner down the side of Moscone Center North, where the gigantic expo floor is housed. The act was short-lived: protesters were escorted off the grounds and their banner removed quickly.

Most RSA attendees and speakers are headed to Chevy's today for an inexpensive, quiet, sit-down meal. When they walk up they're greeted by lab-coat wearing "Vegas 2.0" members (a decade-old independent hacker group that runs DEF CON's largest fundraiser for the EFF), and a discussion about RSA's relationship with the NSA begins.

This Chevy's is one of the few "reasonably priced" food options next to the RSA Conference. This will make it so only "Explorer Pass", BsidesSF and TrustyCon attendees get exclusive use of this venue during peak of the Vendor Expo portion of RSA Conference.

[Image: RSA attendees refused entry to Chevy's restaurant. (Credit: ZDNet)]

RSA attendees with red badges -- paying attendees and speakers -- are refused entry, and the protesters are handing out flyers explaining the protest's intent to raise awareness about allegations against the RSA, and RSA's inaction, all seen as a breach of trust that is clearly splintering the wider security community.

[Image: RSA protest material. (Credit: ZDNet)]

Thursday's opposition conference "Trustycon" (Trusted Computing Conference), held at the Metreon, around the corner from RSA, has sold out and is currently holding a wait list of 300. Trustycon is featuring thirteen speakers who withdrew their scheduled RSA talks in anger over the RSA allegations. Noted speakers include Mikko Hypponen, Marcia Hoffmann, Adam Langley, Mozilla's Alex Fowler, Christopher Soghoian, Jim Manico (OWASP Global Board Member), and other notable figures from the security industry.

This story originally appeared as "'Obnoxious' RSA protests by DEF CON organizations, Code Pink draw ire" on ZDNet.
NEWS ANALYSIS: RSA Chairman Arthur Coviello's keynote carefully avoided any discussion of whether or not RSA accepted government money to weaken its encryption software. If you thought RSA Chairman Arthur Coviello's keynote at his company's RSA Security Conference would lay to rest the question of whether or not RSA Security was paid $10 million by the National Security Agency to use easily cracked encryption software, you would be wrong. In what was the most highly anticipated keynote at a security event in years, Coviello took a long route around the $10 million question and instead worked hard to elevate the entire NSA controversy to a discussion about the role of government in protecting both digital secrets and citizen rights.

He wound up his keynote with a four-point worldwide plan for digital protection. But as far as the answer to the $10 million question, no answer was forthcoming. In many ways no answer was expected.

The entire dispute came to light after Reuters published an article last December which stated: “As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA.” RSA issued a denial which contended the company would not enter into a contract that would intentionally weaken its products, but stopped short of addressing the specific NSA contract or the $10 million figure.

That article, along with the ongoing revelations of NSA snooping provided by secret files taken by former government contractor Edward Snowden, has set the stage for an RSA Conference far different than past years. Whereas past conferences were largely concerned with advances in cryptography and the latest security products being introduced by the exhibiting vendors, this year’s conference has veered into a range of digital policy issues, many of which concern governmental rights and responsibilities when addressing the conflicting roles of protecting its citizens while also protecting the privacy of those citizens.

During his keynote, Coviello said the RSA and NSA partnership has long been a matter of public record. “Has RSA done work with the NSA? Yes. But the fact has been a matter of public record for nearly a decade,” he told the audience.

He mentioned in particular the NSA’s defense arm, the Information Assurance Directive (IAD) and suggested the IAD should be spun off from the NSA into a separate organization.

The separation of offensive and defensive roles within governmental cyber-security organizations was a key to reducing the “blurring” of roles and policies, according to Coviello. While there had been speculation that a protest would take place during the keynote, the audience was polite and applauded when Coviello completed his speech. It was during his keynote that Coviello veered into policy waters and outlined a four-point plan to address cyber-security issues on a worldwide basis. That plan included proposals to renounce cyber-weapons, cooperate in the investigation and prosecution of cyber-criminals, assure economic activity and intellectual property rights and ensure privacy. The decision to take the high road and call for policy reform rather than come clean about its role in the reported NSA contract is unlikely to cool the controversy.

An alternative conference, TrustyCon, is scheduled to take place near the Moscone Convention Center where the RSA Conference is being held and will feature speakers boycotting the RSA event. Coviello called on a broad coalition of vendors, researchers and governments to address surveillance and privacy concerns in an increasingly digital-driven economy. "Intelligence agencies around the world need to adopt a governance model that enables them to do more to defend us, and less to offend us," he said. Meanwhile the final story behind the alleged $10 million contract remains untold and may not come out for years to come, if ever. Eric Lundquist is a technology analyst at Ziff Brothers Investments, a private investment firm. Lundquist, who was editor-in-chief at eWEEK (previously PC WEEK) from 1996-2008 authored this article for eWEEK to share his thoughts on technology, products and services. No investment advice is offered in this article.

All duties are disclaimed. Lundquist works separately for a private investment firm which may at any time invest in companies whose products are discussed in this article and no disclosure of securities transactions will be made.
Analysts said hot topics at the upcoming RSA Conference will include government surveillance and the NSA flap, SDN security and skills shortages. Every year, one of the biggest events on the information security...
Security experts boycotting RSA’s conference can hit TrustyCon—same day, one block away.    
A new conference focusing on issues of "trust" at the intersection of privacy and security will take place during RSA's annual show. January 17, 2014 6:00 AM PST (Credit: TrustyCon) SAN FRANCISCO -- Security professionals boycotting February's R...