I spent a few days at the annual RSA Security Conference in San Francisco. As always it was an interesting event, however, not many of the attendees I spoke with felt they came away seeing much of anything new.
Virtual security, a hot topic two or three years back, has quieted down. Im not sure if this is due to the large players in the virtual space improving their own offerings substantially, or just good spin on minimizing the issue with press and analysts. Speaking of spin It reminds me of IBM and their System i platform security a really risky platform unless you implemented your applications following some unrealistic guidelines issued by IBM. IBM did such a good job with this secure platform positioning that many enterprises today think they are safeand theyre really not.
On the topic of security and mobile devices, I think this will be a big issue for enterprises. I sat in on an interesting presentation by Mark Bauhaus, EVP at Juniper Networks, on Defending your Mobile Life. He painted a picture of the significant risks companies face now that employees are bringing their own smart phones and pads into the enterprise. His best point was you arent going to solve this issue by telling employees they cant connect to corporate systems with their own devices this is yesterdays strategy.
Why dont I read about these potential mobile security risks in the general press? Is there not a big threat here? My prediction: You will see more than a couple huge breaches this year caused by mobile devices in a Fortune enterprise environment. And, next years RSA will have a much bigger focus on this topic.