RSAC 2015: RSA Conference (Day 2)

Shadow IT isn't the problem, complacency is

Steve Ragan/Thinkstock

Day two officially marks the start of RSAC. Now that the show floor is open for business, the talks are underway and the halls are starting to hum with conversation as attendees move from place to place.

Most of my morning / afternoon will consist of briefings and one-on-one meetings, but I wanted to start the day with a themed discussion. Please feel free to leave your thoughts on the topic in the comments section below.

The theme is Shadow IT, and today I’ll be posting Q&As with executives on this topic. The interviews were conducted before the conference started, but the comments given on the record make for a good icebreaker.

Shadow IT sounds scary, but it's not. These days, the bulk of an organization's data already exists on a network maintained by an approved SaaS vendor.

Yet, the workforce is technologically savvy. If IT denies them a technical tool, they know how to get it on their own, and SaaS vendors make implementing a service or feature a painless process.

Overall, the majority of employees doing this are not acting maliciously. They turn to SaaS offerings as a way to streamline their work or improve productivity, and only do so because they were initially denied access and didn't agree with or understand the reason for denial.

Considering the bigger picture, Shadow IT isn't the largest problem a company dealing with SaaS has. Complacency is, because most organizations are trying to force older models of security, trust, and networking into a place where they just don't fit.

The questions posed to the executives for the Q&A are based on a few conversational topics.

The first is that legacy security has now become irrelevant because of BYOx (Bring Your Own Anything) policies and risks associated with the level of “any device” access offered by the SaaS market. After that, the topics also consider the point that SaaS vendor security isn't complete, and their application ecosystems are an unknown threat vector.

The following executives were included in the Q&A:

(Page 2) Craig Rosen, CISO, FireEye

(Page 3) Ken Baylor, CISO, Pivotal

(Page 4) Bil Harmer, CISO, Good Data

(Page 5) Assaf Rappaport, CEO, Adallom

Their comments and thoughts can be found on the marked pages. Not everyone answered all of the questions that were asked, but their comments are interesting nevertheless. Again, feel free to weigh in with your own thoughts in the comment section below, or email me directly.
