What a week! So exhausting was the RSA 2018 Conference that it took us a week to recover enough to crank out this blog. Not that cavorting with 50,000 or so of your closest security colleagues isn’t interesting (it is!), but it is also very demanding mentally and physically (logging anywhere from 17,000 to 25,000 steps a day, but who’s counting?).
In the digital world in which we now live, information is a very highly valued commodity. Safeguarding that information, therefore, has become a top priority. RSA Conference’s mission is to connect you with the people and insights that will empower you to stay ahead of cyber-threats.
For me, it was not my first show and certainly not my last, I’m sure. But what struck me as I worked (and walked) the show floor is that the RSA Conference has remained true to itself and the attendees in terms of its original intent.
As usual, some of the RSA Conference media staff had been going around the show grabbing video clips and quick interviews with attendees and exhibitors. Passing through the GlobalSign booth, the question posed to me was: “what does RSA stand for?” On the spot, I could not recall how the company/conference got its name. A quick Googling brought it back to mind.
RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir and Leonard Adleman, after whom the RSA public key cryptography algorithm was also named. They developed the RSA encryption algorithm in 1977, and founded RSA Data Security in 1982. The company has passed through a few hands since then, including EMC, and is now at home with Dell Technologies.
A further peek at Wikipedia about the RSA conference (yup, there is a reference) tells us that the first event was in 1991, with about 50 people attending, and had just one panel, called "DES and DSS: Standards of Choice." The focus or theme of that first event was on why attendees should not adopt DSS, a standard that was expected to challenge RSA Security's status as the de facto standard for digital signatures.
Fast-forward to 2018, and the RSA Conference remains a place where security-conscious minds come together to share, discuss, profess, confess, absorb and disclose the latest postulates of cybersecurity practices and theorems (and let’s not forget all of the great corporate parties!).
The RSA show isn’t all classes, keynotes and lectures. In fact, there is a lot of fun and games that go on as well, especially in the GlobalSign exhibit booth, where the discussions were all about Automation, Integration and Management of PKI. In fact, we made it our theme, complete with a Pop-a-Shot basketball arcade where visitors got their PKI GAIM on.
As anticipated, much of the talk from attendees centered around switching certificate vendors. Whether they were nervous about lack of support from recently merged CAs (Symantec and DigiCert) or the Trustico fiasco, the conversation usually started with “how can we switch CAs?” and “why should we switch to you?” These were easy questions that prompted further conversations around GlobalSign’s Enterprise PKI expertise, and some specifically about our new Digital Signing Service.
Six Most Common Questions Heard at RSA 2018
What was interesting were the almost universal pain points that we heard, from CISOs to Security Admins and the like. While the six most common questions below could each have a dedicated blog, we’ll simply link to educational resources for those interested:
- I need a way to automatically and easily secure our internal and public networks with a mixture of different types of SSL Certificates - and some with Subject Alternative Names (SANs).
- We have a company-wide initiative to further protect end-points and replace passwords with certificate-based authentication that is cost effective and user friendly.
- How do we ensure only approved machines and devices can access the corporate networks and resources?
- We are a growing company and now need the ability to encrypt sensitive internal communications and more deeply lessen the threat of phishing attacks. Will implementing S/MIME do that?
- My internal department heads as well as their team members are all expressing a need to use digital signatures for legal and other documents (timesheets, financial or tax documents, etc.). How easy is that to implement via the cloud so that my entire enterprise is covered…AND how do I integrate so they can use it with MS-Office, DocuSign, Adobe, etc.?
- My mobile device security administration is getting out of hand now with nearly all employees accessing the networks remotely or with personal and corporate phones and tablets. Can Digital Certificates be used on mobile devices for email encryption and signing, and authentication to email, VPNs, and Wi-Fi?
I’m sure that at least some of these questions are familiar to you. We enjoyed talking about these use-case questions and hearing other stories of how our colleagues are safeguarding their fiefdoms from the latest onslaught of cyber ne'er-do-wells.
If you did not have the chance to get to the RSA Conference this year, here are some links to our Enterprise PKI and Digital Signing Service demos that were very popular with attendees who stopped by. We also welcome any questions you may have…and encourage you to share a PKI or other cybersecurity use-case story and how you solved it by contributing to this blog, anytime!