I’m at RSA Conference 2014 this week on behalf of Symplified, and I’m making the most of my access to sessions and the Expo Hall to identify trends in security, identity, mobility, and identity and access management (IAM). Here are some of my observations from the first few days.
On Monday after checking in, I was able to get into a couple of sessions: the Cloud Security Alliance’s software defined perimeter (SDP) workshop and the Innovation Sandbox.
While most of the technologies used in the SDP workshop were not new, I saw some similarity to “context-aware security,” and as expected, I was glad to see one of the key components of SDP was IAM.
In the Innovation Sandbox, the 10 participating startups each gave three-minute presentations and competed for the most innovative company award, which I found pretty interesting. Here’s some background on the winner of the competition.
But among the Sandbox exhibitors, I thought bluebox.com was the most interesting, yet the company still has a way to go to add run-time integration with existing user stores such as Active Directory.
On day two, I got in line early to be sure I could be among those of the estimated 24,000 attendees who could attend the keynote sessions via live audience. I listened to three strong presentations by execs from RSA, Microsoft and Juniper Networks. Of course, NSA surveillance (and Snowden’s revelation) came up again and again.
I also sat in on a cryptographers’ panel, which included Adi Shamir, a professor from Israel, whose group published a paper last year on extracting the RSA key by listening to the CPU. The panelists also addressed the Bitcoin topic.
Then, I hit the Expo Hall to check out the exhibitors. Here are a few overall impressions:
1) Single sign-on (SSO) is already a commodity. Not surprisingly, most vendors that address some aspect of identity, access control, DLP, application/web filtering, or otherwise also offer SSO. I saw many familiar brand names and faces, as well as a couple of new ones this year.
2) Multi-factor/2FA is becoming a commodity. From my observation there may be more 2FA vendors than IAM vendors. Of course, most, if not all, 2FA vendors have mobile components.
3) Data analytics, and its application in the security space, is a fast-growing area, with vendors entering this space from SIEM, network security monitoring, DLP, and next generation firewalls.
Next, I was the sole vendor-side participant in a peer-2-peer session of IAM practitioners who are responsible for administering their companies’ IAM systems. A few of the common challenges we discussed:
1) Many companies face the challenge of how to manage employee vs. non-employee access (partners, vendors, contractors, retirees, board members) in an IAM system for provisioning and privileges. For provisioning, some are still using mainframe products, not just AD/LDAP stuff.
2) Identity and access governance is important, and having a simple, systematic way to ensure user identification is critical.
3) Putting identity data in cloud or losing control of it in an IDaaS model is still a big concern. (I reminded participants that it is possible to maintain control of sensitive data and keep it on premises with products like Symplified.)
Today is day three of RSA and I’m excited to share more observations from the rest of the show with you later this week.
Symplified CEO Shayne Higdon, VP of Marketing and Product Management Brian Czarny, and Director of Sales John Marangos chat with IAM pros at the booth.