Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

I decided to be low-budget at the RSA conference this year and just
attend the Expo. So far, that’s definitely been the correct decision;
I’m able to do all of the networking I need to do this way, and I avoid
the back pain associated with sitting in those uncomfortable chairs for
90 minutes at a time. Plus my Expo pass was free ;) I do miss seeing the
crypto panels, though. Maybe next year.

Big themes among this year’s exhibitors? Auditing and compliance, not
surprisingly. As a colleague observed, nearly every product booth makes
some claim to that effect. And there are more and more service firms
doing technology auditing/testing/compliance.

Strong authentication is big, of course. Thankfully nobody seems to be
claiming this is the Year of PKI or the Year of Smart Cards. It might be
the Year of OTP, though: there’s a resurgence in that technology,
consisting of some firms who have been slowly but surely eating away at
RSA’s market share in that area, and others who will try. This is driven
not only by demand for OTP in the context of RAS/VPN, but also as a
solution for web sign-on, a beach head first established among the
European banking community.

Biometrics too, of course. Most demos are still fingerprint-based, the
main difference this year being the sheer number of them and the fact
that they’re better integrated into existing authentication systems,
front-end and back-end.

And booth babes. Still plenty of those.

Last note for the day: I found my way to the IOActive party this
evening, which was classy. It was there that I learned about the recent
eWeek “15 most influential people in security today” list (link below)
which had, naturally, become a subject of debate. Having now reviewed
it, I think the list is insightful and thought-provoking, and thus the
reporter accomplished his task. I will say that a substantial amount of
influence within the security community trickles down from the
hacker/researchers on the conference circuit, and while the list isn’t
entirely representative of that, I’ll grant that it’s difficult to
measure the impact of ideas that haven’t yet reached the mainstream.

http://www.eweek.com/c/a/Security/The-15-Most-Influential-People-in-Secu
rity-Today/

Permalink |

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment