The RSA Conference is often affectionately referred to, by many “RSA veterans” such as myself, as a s*** show. Every year, it gets bigger, with more halls opening up to allow new vendors a chance to showcase their technologies. One thing is for sure–there is no shortage of cybersecurity solutions, and just the sheer volume can make anyone feel overwhelmed.
Outside of the expo hall, there are always a wide variety of sessions and keynotes to take part. Everything from hacking autonomous cars, to gender equality and diversity, as well as visionary, ethical and even more philosophical takes on cybersecurity.
What’s the Biggest Theme We Noticed? Data Privacy.
Consider all the privacy issues this past year has brought to our attention. 2018 showed us, more than previous years, that as a security industry, we haven’t paid enough attention to just how fragile and important our privacy has become. It began with Cambridge Analytica that had harvested millions of Facebook profiles in an attempt to influence voting behavior, and it didn’t end well. Marriot suffered one of the biggest consumer data breaches in history, an event that comprised the personal information of more than 300 million customers. Google revealed two API bugs that exposed the data of more than 50 million users of Google Plus. Cathay Pacific suffered a breach that affected 9.4 million customers, compromising names, dates of birth, passport numbers and credit card numbers. The Chegg breach affected 40 million users, after unauthorized access to their database exposed names, email addresses, phone numbers, as well as usernames and passwords.
There is a common theme here. Organizations are still struggling with the complex security, competitive imperatives and ethical dilemmas associated with privacy, and losing consumer trust. The mounting global regulations and high-profile incidents have made many of us question how much data we want to share and whether companies and their partners have a vested interest in protecting our data.
How Can We Better Protect Data? Start Actually Protecting the Data.
For most businesses, today’s information security is built as a series of metaphorical walls—protections and defenses erected around applications, devices, networks, and online identities. Beyond those walls, we rely on each individual employee following policy as a virtual extension of these fortifications.
The good news: we have become expert at building defenses around applications and networks, including perimeter-based security, strong authentication, encryption, mobile device management, and secure containers. All of these solutions offer vital protections.
The bad news: when they fail—when there’s a breach in our defenses—we try to strengthen the barriers we already have. We don’t adapt. And that doesn’t work.
Physical boundaries and network perimeters are dissolving. The more complex the IT environment becomes, the more difficult it is to protect the systems, devices, people, and networks handling corporate data. Sensitive data escapes through the gaps in the defenses. Business is storming the walls, from the inside out. Data delivers value when it’s being used by employees as well as people outside of your organization, with devices and applications that you cannot control.
At Vera, we’re trying to close the data security gaps by protecting what really matters: the data itself. VERA secures sensitive data through its entire life cycle, everywhere it travels, no matter who has it or where it’s stored. Our goal is to protect confidential data at the point of its greatest vulnerability—when it’s being used by others and as it travels outside our perimeters into unmanaged domains, devices and applications.
We do this through dynamic data protection:
- Granular visibility and centralized control; understand how your content is used, by whom, and proactively investigate unauthorized access attempts.
- Control access to sensitive files even after they have been shared with external users via cloud collaboration tools, email, or other means.
- Standardize on a sanctioned cloud collaboration tool without risking unauthorized third-party access to sensitive data.
You need to proactively and aggressively defend data by employing a relentless, always-on security posture that ensures maximum protection no matter how far your data travels outside of your organization. And you need to do it in such a way that makes it seamless to use and effortless to control who can access the information as well as what they can do with it.
I spoke with many people who have a relentless pursuit to implement the best solutions possible for their organizations, and their commitment is truly admirable. This is perhaps one of the most impactful moments for us at RSA — that we are not alone in this pursuit. We have the same goals – to protect our customer data, our employee data, and prevent any further exploitation of information.