Big Data is on every technologist's mind lately and the exhibit floor and session programming at the 2013 RSA Conference in San Francisco reflected that trend. It was mentioned in keynotes and discussed at length in sessions. The words “Big Data” were prominently displayed in banners and literature in the exhibit hall from software and hardware vendors as well as consultants and educational programs.
And it’s no wonder—the availability of all manner of data is increasing at a tremendous pace.
Data analytics are the driving force of our current wave of technological innovation and create increasing challenges for information security professionals. But it is not just the infosec community that is being challenged by Big Data; the growth of importance of data analytics in day-to-day business operations is also putting pressure on those who are in charge of privacy assurance.
Again, this was evident at RSA. In past years, privacy topics were in the programming, but this year a whopping 12 sessions specifically discussed privacy. It was also clear from the conversations I had at the IAPP booth in the exhibit hall as well as in after-hours networking events. I talked to a steady stream of IT managers, information security professionals, investors and executives who all are feeling increasing pressure to “do something about privacy.”
Some worry about compliance with the increasingly restrictive laws and regulations, some are finding it difficult to maintain privacy protections in the face of rising demands for data and still others were exploring career opportunities available by shifting their focus to more privacy-related issues.
People are seeking resources to help them navigate privacy issues, whether that be training, education, the availability of for-hire expertise or career development advice. RSA clearly recognized that and acted on it this year. Don’t be surprised to see other traditional data security conferences add significant privacy programming ASAP.
Privacy-related coverage of RSA
Here’s a quick round-up of privacy topics as reported out of RSA from the mainstream and trade media:
- Maybe the highest profile privacy event at RSA involved the panel discussion hosted by IAPP President and CEO Trevor Hughes, CIPP, featuring Google Senior Corporate Counsel, Privacy Keith Enright, CIPP/US, CIPP/G, Microsoft CPO Brendon Lynch, CIPP/US, Mozilla Global Privacy and Policy Leader Alex Fowler and Facebook CPO Erin Egan. In its coverage, The New York Times noted that web privacy has become a business imperative. NetworkWorld seized on the back-and-forth over Microsoft’s Scroogled campaign. SC Magazine called it a clash of the titans over do-not-track and advertising’s role in building the Internet.
- In another attention-grabbing piece, RSA head Art Coviello told TechWeekEurope that “European Privacy Laws Harm Civil Liberties.”
- BankInfoSecurity Editor Tom Field recorded a 20-minute video interview with McAfee CPO Michelle Dennedy, CIPP/US, CIPM, and Hughes where they talked extensively about “How to Define and Enforce Privacy,” covering a lot of ground involving how privacy is no longer a compliance exercise and the intersection of privacy and security. Further, Dennedy coins the term “scoffery.”
- Educause rounded up the NSTIC pilots debut at RSA by the National Institute of Standards and Technology, namely the Internet2 Piloting Mobile Device Multifactor Authentication on University Campuses.
- Security Bistro came away from RSA with the notion that “Japan Offers Best Privacy and Security Policies for Cloud.” Security Magazine lumped South Korea and the UK in with Japan.
- In another video offering, which you can see embedded below, Hughes spoke with Smart Enterprise Exchange about the increasing complexity of privacy:
- V3.co.uk’s takeaway from Hughes’ talk is this: “Violate privacy and you get killed"
- Finally, Special Assistant to the President and White House Cybersecurity Coordinator Michael Daniel has an interesting wrap-up of his trip to RSA, where he met with a number of people regarding Executive Order on Improving Critical Infrastructure Cybersecurity (E.O. 13636).