Let me start by saying that RSA is still the place that every security nerd on the globe gathers; "It's what we do!" 

From Amber restaurant to Jillian’s at the Metreon, The Marriott Marquee to coffee shops, Chevy's, and of course the Tonga Room at the famous Fairmont Hotel, business meetings light up the conference with a constant exchange of information between colleagues, partners, customers, and attendees. In fact, outside the walls of the Moscone and into the surrounding businesses is where much of the action takes place during this massive event. The San Francisco metropolitan area is where innovation and strategy are being outlined on napkins and cardboard coasters, not in the sessions.

I watched as an entire Cloud Workload Tagging and Security Group configuration leading practice was outlined for two CISOs on a napkin inside the Starbucks on 3rd street and Howard. It was a brilliant display of best practices on logical data segmentation.

It gives me a great sense of pride to be part of an industry that, even in this era of agility and automation, can embrace problem-solving in such a primitive and collaborative way. The excitement for furthering security was palpable. The desire to affect change was infectious. Attendees didn’t feel confined to the event; they were solving problems wherever they needed solving, and sometimes that happened in the greater San Francisco area, and sometimes it took place on the expo floor.

For those who ventured inside the walls to hear the talks (and I’ve heard that some sessions attracted as many as 1,200 attendees each), here is some of what was covered:

Fear based presentation and training. "The cloud is scary." "You are losing control over your data." The meaningless phrase, "paradigm shift" uttered fifty times during one session. 

Seriously, though, there were some great presenters with good content delivered by Securosis, Voodoo Security, Shannon Lietz (The Queen of SecDevOps), and a few select others. Just not enough of it. There was too much talk of the on-premise blinking lights type of approach. The typical FUD we claim to have eliminated from our vocabulary.

Where were the big use cases around PCI/HIPAA/PII workloads in the cloud and how to best configure them to pass audits?Last year Amazon Web Services (AWS) added 250,000 new logos (i.e., clients) to their roster yet they were barely a blip on speakers’ radars. Something so big, gaining such popularity due to speed, efficiency, and (yes) increased security should have really been a greater focus during sessions.

At all the “metropolitan meetings” and external events surrounding RSA, the talk was all cloud and "How To." Across the expo floor, every cool kid hidden in the back of Moscone South to the small guys trying to exist the land of misfit toys in the North touted that their solutions are cloud enabled. Everyone but the host of the conference seemed to understand where the industry is headed and cloud’s importance in it.

The cloud hot topics and state of affairs discussed all over town included:

  • AWS is taking over the world! The upcoming release of Inspector is a threat to all traditional infosec endpoint vendors. It is the first time AWS is deploying an agent to the host, and the initial release focuses on PCI and CIS rules.
  • Azure is clearly the number two cloud service provider (CSP) on the planet and Microsoft is making it tempting to move workloads to their platform via enterprise license agreements and improved security solutions. The general availability release of the Management Based Activity API for Outlook 365 and rebranding and packing of Adallom to Microsoft Security Application is a strategic move, as it bakes deep security visibility into their cloud offerings.
  • Speaking of Adallom, cloud access security brokers (CASB) are hot, hot, hot! This is the fastest growing space in security today. SkyHigh, SkyFence, CloudLock are all providing great solutions to help security professionals make this transition. 
  • VMware's CEO, Pat Gelsinger, lead a solid keynote, but his company’s solution still relies on a vSphere platform that is being cannibalized and products like NSX that have not been fully adopted. 
  • RSA, along with other traditional security vendors, are pushing infrastructure-based solutions to manage cloud. (Ummm, oxymoron?) 
  • Machine-based learning and big data analytics. Devices are now the consumers of data. We are just users, so people are looking for practical ways to implement these technologies to finally have a preventative security posture, and it all starts with logs. 

By next year’s RSA show we should see more consolidation in the cloud security space, the emergence of additional cloud-native security tools, and hopefully a wider range of "How To" enablement sessions in Moscone West that will be helpful for practitioners who want to begin the transition from builder to broker.

At any rate, one thing is for certain: amazing traditions of the Bloody Mary & Bacon breakfast, along with swanky parties held by slick west coast PR firms like Kulesa Faul, will continue to provide a ton of great networking opportunities. They will enable a flow of information that will help us all cut through the FUD as we learn more about new processes, tools, and automation that drive innovation for our organizations.