Reflections on RSA Europe 2011

This week’s RSA conference in London was an unusual blend of predictability and surprise. As usual, the networking, programme and event management were first class, which is the main attraction for me.

As expected, there was little new or interesting on show. As usual, the keynote speakers were mainly sponsor executives. But this year the messages and the mood were different. The general theme seemed to be that traditional security solutions are no longer effective.  

The conference started with a masterclass from Art Coviello on how to emerge from a massive data breach smelling of roses. Peppered with quotes like “What doesn’t kill you makes you stronger” it was a superb piece of spin, reflecting a carefully constructed crisis response strategy. I even agreed with him that the future demanded greater exploitation of data mining and fusion.

Preceding that was a celebratory film about the cryptographers who invented public key algorithms. They are all heroes now despite the fact that they don’t seem to have developed anything significant in the thirty-five years since then, or the fact that we still can’t get their inventions to work as intended.

Following that was a good programme of panels and lectures. With six streams, you can only scratch the surface of what was on offer, but there was plenty for everyone.

The best learning point for me was from my own panel session on US and European data protection and encryption laws: the security community needs to engage urgently with the legal profession and the regulators to help promote efficient schemes for data breach reporting. The most impressive new product on display was the Visa CodeSure authentication chip card which ticks all the right boxes. The most useful give-away product was the Qualys spectacle cleaning cloth.

The conference ended on a flat note with a rambling rant from Tim Berners-Lee on what’s wrong with e-Commerce and security. Most of it stated the obvious about the poor ergonomics and the lack of standardisation in today’s security solutions. Tim clearly has a great vision but he lacks a cunning plan to overcome the obstacles to achieving it.

But we do need a few idealists to counterbalance my rather defeatist view that if security isn’t painful then it probably isn’t any good. This is not entirely true in theory but it generally turns out to be the case in practice.