• United States



Senior Staff Writer

RSAC 2014: RSA Conference (Day 3)

Feb 26, 20143 mins
Core Java

Today is day three of the RSA Conference in San Francisco, California, where Salted Hash has been operating all week. Follow along with our daily musings below.

Wednesday is arguably the busiest day at the RSA Conference. During the lunch hour, most of the people will opt to head to a restaurant that’s close to the show, because the cost of food in Moscone Center (where RSA is being held) is just insane.

Most of the time, people head to Chevy’s, a Mexican food joint, located right next door to the conference. But that’s not the case today.

Today, Chevy’s is closed to the majority of the RSA Conference attendees. A group has bought the restaurant for the day, after a successful crowd funding campaign, in order to deny access to anyone who paid to get into the RSA Conference.

In a handout to those that are turned away, the Vegas 2.0 Team explains that those who paid to attend RSA are contributing to the problem.

“For only 10 million dollars, RSA partnered with the NSA by adding a weak cipher to BSAFE, making this weakened cipher the default option, and causing NIST to approve it by citing early adoption. Instead of sending a message to RSA saying ‘Hey, we don’t like this behavior,’ attendees like yourself instead give RSA millions of dollars in conference fees and royalties.”

It isn’t much of a protest, but it makes a point. In the brief moment that Salted Hash stood by and watched, several people were turned away.

Concentration of Risk and Consumer Trust

“Do you believe that organizations care about securing your data?” That’s the question posed to consumers by HyTrust, and so far, almost all of them have said no.

“That’s staggering. That three out of four consumes don’t trust the companies they’re dealing with,” Eric Chiu, Founder and President of HyTrust, told Salted Hash during a brief discussion this afternoon.

The question is, why is there such a lack of trust?

Companies still see security as an afterthought, opting instead to focus on profits and revenues. The thing is, security doesn’t drive either of those things. Now, security becomes important once a breach or incident happens, but by then security is a shield that can help limit the damage to brand, reputation, and of course revenue and profit.

When organizations use VM and cloud environments, the consolidation of systems, networks, and data to a single software platform, becomes the easiest point to attack from a criminal’s perspective. To address this, securing the management of the environment becomes almost as important as protecting the data itself. This can come from authentication controls, such as the two-man rule or multi-factor authentication, leaving data encryption to act as a failsafe of sorts, rendering the compromised data useless to anyone without the proper keys.

“This isn’t easy,” Chiu said, “but in the long run the payoff can be big when organizations do their diligence and invest some time and resources into investigating the solutions that are the best fit for them internally. Then again, the consequences of not getting it right can be disastrous.”