The RSA 2013 Conference, which took place Feb. 25-March 1 in San Francisco, is widely regarded as the year’s biggest security-focused gathering in the technology industry. It is a place where leaders and innovators in the security field can rub shoulders, discuss trends, and share information with one another.
The challenges of BYOD, mobile devices, and the proliferation of cloud services were the major themes at last year’s conference, and rightfully so. Last year was overwhelmingly the year that BYOD became an expectation instead of an exception, dozens of new mobile form devices moved from the living room into the board room, and cloud-based services and applications became the preferred method for new business solutions.
If 2012 was the year of mobility and the cloud, 2013 is the year of big data, business intelligence, the Internet of Things (IoT), and an emphasis on government’s role in cyber intervention and legislation.
Big Data, Big Opportunities, and Big Headaches
Arthur Coviello, Jr., the Executive Vice President of EMC Corporation and Executive Chairman of the RSA, kicked off the keynotes this year with an emphasis on what he describes as the convergence of mobility, social media, and the cloud. All of these sources, combined with more traditional channels, account for an explosion of collected data. Coviello made sure to point out that stored digital content is doubling every two years and has reached a zettabyte (that’s a 1 with 21 zeros behind it). He further elaborated on the sheer volume and complexity of this data, saying that unstructured data (data that doesn’t have a pre-defined model and/or fit well into relational tables) is five times larger and growing three times as fast as structured data.
Those figures seem more like astronomical units in a NASA report than actionable data leveraged in a security analysis, but the security industry is taking notice, as all of this stored information creates a huge attack surface and more than enough vectors to be defended.
Business Intelligence and Situational Awareness
In a classic chicken-and-egg dilemma, Coviello, along with Francis deSouza, Group President of Enterprise Products and Services at Symantec, also sees big data and analysis as the keys to deterring attacks. Symantec’s deSouza provided some more figures, saying that they have sensors in over 200 countries and territories, dealing with 1.5 to 3 million threats a day. Their systems process 1.7 trillion pieces of information, including 3.6 billion files and 100 million URLs, every six hours. This allows Symantec to turn big data into big intelligence.
All of this analysis can be translated into what deSouza describes as situational awareness. Symantec is looking for attribution factors like who’s after you, what campaign they are running, and what they are after. From this information, they want to ID nefarious entities and use predictive analytics to discover the next targets before they can be attacked, getting out ahead of cybercrime for the first time in the historically cat-and-mouse game of internet security.
Internet of Things Allows Digital Destruction to go Physical
The Internet of Things (IoT) is a term that describes the proliferation of objects connected to the internet. These range from objects as pedestrian as vending machines, parking meters, refrigerators and bathroom scales to things crucial to our infrastructure like power grid relays, sewage pumps and 911 switchboards. Coviello cites a Nick Valéry article in The Economist, “Welcome to the thingternet”, saying that there will be more than 1 billion things connected to the internet by the end of 2013 and that experts are estimating a total of 27 billion things will be online by 2020.
The IoT promises a level of connectivity and efficiency like nothing before it, with machines knowing when they’re going to need a part replaced and automatically sending out for their own repairs and your refrigerator telling you that it’s detected a lack of milk when it notices that you’re at the grocery store.
The flip-side to the advantages of connected objects is the potential gateway for digital attacks to cause physical destruction. A joke heard at the event was about a new Internet-connected bathroom scale that could send your weight and body fat percentage to your doctor automatically. Now imagine a technically-savvy prankster hacking that scale to automatically report an increase of 5 pounds a week until you get an urgent call from your hospital. Now imagine state-sponsored hackers disabling the power and communications of all major cities, all from the comfort of a cubicle 3,000 miles away.
Tying It All Together with Government Intervention
The major sentiment that pervaded nearly all of the keynotes was the role that the international community and government need to fill in order to combat cyber crime as it has evolved today.
With confirmed breaches of The New York Times, Twitter, Facebook, and others still fresh in mind, the risks of data theft and unauthorized infrastructure control are more apparent than ever. Scott Charney, Corporate Vice President, Trustworthy Computing (TwC) at Microsoft, spoke about the need for global cyber security initiatives and standards to allow for the enforcement of cyber laws without the hindrance of jurisdictional conflicts and red tape. Coviello posed the question of “what is the government going to do” to stem the tide of state-sponsored attacks, while deSouza echoed the sentiment by referencing the “rising powers” of small countries with sophisticated cyber arsenals capable of disrupting the operation of a country 1,000 times their size.
It’s clear that the U.S. government is taking these issues seriously, with the recent cyber security executive order signed by President Obama, and the security industry believes that further government action is necessary to protect our digital borders.
ZiffDavis.com – Daniel Mellinger is a Research Analyst for Ziff Davis with primary responsibility for business technology news, research, and webinars.