RSA 2014 Recap Notes: NSA Controversy, Session Highlights, and the Birth of TrustyCon

March 6th, 2014 / smarter identity, security and compliance

With the dust having settled from last week’s RSA Conference, I took some time to gather my thoughts on what was a very memorable week.

Attending as an exhibitor was quite a treat as you get to see behind Oz’s curtain and see what it takes to prepare and man the booths, including giving crash courses to, ahem, auxiliary booth personnel who might not be too familiar with terms like ‘encryption’, keeping the booth stocked with schwag, presentation rehearsals, wrestling with scan devices, and taking breathers between visitor mobs. It wasn’t too dissimilar from corporate recruiting events and other conferences I have held the fort down on, but come on, this is RSA! Step right up! Happy Hours in the expo hall! Take a spin on our wheel of prizes! Tote bags, get your tote bags over here! Take a picture at the NSA booth! Those are not auxiliary booth personnel, those are space aliens!

The RSA Conference Carnival

Basically, year in and year out, a carnival-like atmosphere descends on Moscone Center during the RSA Conference, and we certainly contributed as was our duty. This year, however, it was what was happening leading up to and during the conference that drew more attention than in previous years, but not for good reasons. NSA was already going to be a common item of discussion at this year’s conference thanks to the Snowden leaks that started last summer, but when allegations emerged that RSA might have been paid off by the NSA to intentionally weaken encryption technology, scheduled RSA speakers started bailing out. An alternative one-day conference called TrustyCon was held across the street from Moscone Center and some of the speakers that defected from the RSA Conference spoke there instead. Even though I was not able to catch all the speakers, I found the TrustyCon morning talks to be some of the most interesting, and was pleasantly surprised that they kept the anti-RSA rants to a minimum.

That’s not to say that there weren’t more vocal protesters during the week. A group of protesters affiliated with another major conference bought out a nearby restaurant for a day and refused to allow entry to any RSA Conference attendee aside from the expo pass holders. This group was directly targeting RSA and handing out fliers to raise awareness of the RSA-NSA allegations and encourage people to boycott RSA.

Productive RSA Sessions

Aside from these, RSA sessions themselves had some interesting moments as well. One of the first speakers during the conference, Richard Clarke, chairman and CEO of Good Harbor and a member of President Obama’s review group on intelligence and communications technology, not only dropped an F Bomb, but also alleged that EU companies are trying to get a marketing edge by pushing for data localization under the guise of security and quite bluntly stated that the NSA can get to any data regardless. The speaker that immediately followed, Professor Udo Helmbrecht, is the Executive Director of the European Union Agency for Network and Information Security, so you can imagine there was some awkwardness felt in the audience when he took the stage and had to specifically respond to the allegations. RSA’s CEO also captured the attention of attendees by going off-script to speak about the topic on everyone’s mind: the RSA-NSA allegations, but I would be surprised if that influenced anyone one way or another.

A Turning Point for the RSA Conference?

Ironically, RSA-NSA allegations or no, one of the last RSA Conference stories making the rounds was triggered during the RSA Conference itself. The conference’s smartphone app had a vulnerability that exposed the personal data of the people that downloaded the app, and in this day and age of increased privacy awareness and the technology community’s eroded trust in RSA, this is an incident RSA could do without.

Overall, the 2014 RSA Conference might be a turning point for the conference thanks to Edward Snowden and the repercussions of the information he brought to light. It made for a very entertaining week and birthed a new conference that will hopefully become an annual mainstay. It didn’t change my perception of the current shifts in security and privacy or how we are reacting to them in the short term, but it gave me more to consider as we move along on our compliance roadmap.

About the Author

Alvaro Hoyos leads OneLogin’s risk management, security, and compliance efforts. He also works with prospects, customers and vendors to help them understand OneLogin’s security, confidentiality, availability, and privacy posture and how it works alongside, or in support of, customers’ own risk management models. Alvaro has over 15 years in the IT sector and, prior to joining OneLogin, helped startups, SMBs, and Fortune 500 companies with their security and data privacy compliance efforts. His commentary and articles have been featured in several publications, including CIO, CSO, Network World, Infosecurity, eWeek, and Help Net Security. Alvaro is a member of the Forbes Technology Council and has a B.B.A. in M.I.S. and an M.S. in M.I.S. from Florida International University.