There was not much exciting news at RSA2007. I think I need to write a few things down here, or otherwise I will no longer remember them:
- Information Centric Security: Information is the king. However, the king cannot live in a castle all the time. You, as a security professional, should be a knight who protects the king no matter where the king goes. How: add security controls to the data in addition to the network (for example, use Rights Management Server to protect data in addition to IPsec).
- User Centric Identity: Identity and Access Management is all about enabling people to do business more efficiently and securely. It will be supported by solutions such as Strong Authentication, Identity Lifecycle Management, Federation Services, etc. As a trend, you will see more and more dedicated security companies merging into bigger business companies.
Following is a link to a photo taken at Bill Gates' last RSA Conference keynote speech, with his successor Craig Mundie. Identity is one of the three major areas in their security strategy (the content in this blog is a kind of input to that vision). The other two are Network and Protection.