There are fewer topics stirring bigger buzz among information security professionals than big data, cloud security, and mobile. So it's no surprise that those topics will dominate the discussions this year at the RSA Conference 2012.
"One of the terms that has exploded onto the agenda this year is big data," said Dr. Hugh Thompson, program committee chair for RSA Conferences on a conference call for reporters and analysts last week. "Can [big data] help us to be smarter about how we defend, and how we identify malicious activity?" he asked.
Great question. And there will be a number of big data sessions at the conference that will aim to provide answers, from Forrester analyst John Kindervag's session Managing Advanced Security Problems Using Big Data Analytics to Big Data and Security: The Rules Have Changed, moderated by CSOonline's Managing Editor Bill Brenner.
"Big data is a huge topic," said Kindervag. "It's a real opportunity for IT security to not just be the aggregators of the data, but to use the data to uplift the security of users and applications," he said.
Kindervag said that big data could provide enterprises the ability to do simpler things better, such as capacity planning, in addition to increasing security better by utilizing the data from the perspective of both security and network teams. "That's very exciting," he said.
But it also isn't without additional risks. "There is a lot of toxic data in those [big data] repositories, and that could make it easier for attackers to steal our data if they can get ahold of it. We will be looking at both sides of those issues," he says.
Of course cloud computing will be big again. The Cloud Security Alliance (CSA) is holding its third summit this year, where the group will discuss cloud security standards, with presentations that will tackle challenges around international security standards, cloud brokers, and securing various cloud architectures.
"The tools to manage cloud are growing more mature," says George Reese, CTO of enStratus, who adds that the discussion this year should move away from 'what type of cloud is more secure than another' to how to best manage and secure one's architecture.
The risks and security issues created by the mobile devices that enterprise users use to log onto those cloud services will also be scrutinized. "Employees often carry four devices at any one time—how do companies manage these things?" asked Thomson.
"Mobility was the number one topic in submissions this year, and you will see mobile security sessions sprinkled throughout the conference," he said.
Those presentations may offer lessons and advice security managers want to heed. "Up until recently, companies were not doing a lot [when it came to mobile security]," says Andrew Hay, an analyst with the 451 Group. "They were [focused on] securing their networks and endpoints.
However, I suspect that a lot of those efforts are wrapped up, and now they are looking to other sources of data exfiltration and entrances onto the network, and mobile is one of those things," said Hay.
"There are a lot of security people who wish that mobile was not happening, but [mobile] is a dam that is going to break. We have to look at how we can secure these mobile devices in a non-traditional way, and mobile creates a big problem from a management and scalability issue," Kindervag said.
And for organizations who are seeking answers to that, and other security challenges, there will be more than 300 vendors eager to try to sell them a solution next week.