Stone soup is a fable about how a bit of creativity and cooperation enables productivity amid scarcity. It’s a story that relates to anyone that has worked in public relations for any period of time since we don’t always have flashy new products and exciting customer deployments to bring to the media. Sometimes you may have no news to report, but if you are able to identify trends, provide thought leadership and generate content such as surveys, bylines and podcasts, then you will be able to remain relevant with the press even when news is slow.
Reading is Fundamental
Reading a ten-page feature on the technical aspects of cloud computing may not sound like the ideal Saturday leisure activity, but an informed professional is a valuable professional. It may be a dirty secret of the industry, but many journalists don’t have the time to read competing publications, which means they are ripe with fresh ideas to share elsewhere. Identifying trends and sharing them with reporters is an excellent way to build lasting relationships.
Sharing is Caring
Additionally, identifying and sharing trends with our clients gives them an opportunity to flex their intellectual muscles as thought leaders. It is entirely possible that a client contact has a wellspring of knowledge from a previous position that is just waiting to be tapped. By identifying trends in the industry, you may jump-start a train of thought that leads to a new creative campaign. Generators at Full Power
Anyone that has worked with Web publication knows that “content is king.” The adage proves true today more than ever before as many publications have been forced to slash budgets and reduce staff. A professional or organization that is able to generate compelling content is a valuable resource for the media indeed!
Bylines, that is, a contributed article written by an industry expert (i.e. our clients), can be provided and repurposed to a number of media outlets in a symbiotic relationship that generates content for the publication while raising the profile of the author. Like bylines, podcasts and video casts offer similar opportunities for organizations that have the resources to create them.
Finally, industry surveys provide additional avenues to approach the media. Conference straw polls, professional surveys and studies of customer behavior are valuable feedback to bring to reporters. We’ll be taking a closer look at surveys in an upcoming post.
Just like the fable “Stone Soup,” these strategies indicate ways that it only takes a pebble of an idea, some creativity and some cooperation to create a hearty stew of media coverage.
You spent time planning it for months. To you, and to many IT security companies, RSA is the biggest tradeshow of the year. You worked hard to finalize travel plans, put those finishing touches on the booth design, thought of creative ways to draw attention to your company. The deadline has come and gone and now just a couple of weeks later, the biggest tradeshow of the year is done and can hardly be seen in the rearview mirror. Now what?
If your world has revolved around planning over the last few months, you may find yourself at a loss for words. Not sure what to do next? Here are some suggestions:
Make a note. Write down things that you liked best about the event and specifically, what you liked best about your performance. How was traffic to your booth? Can there be improvements for next year? What are some things you especially liked about other booths? Keep track of these things and brainstorm throughout the year to make improvements where needed.
Get organized. It’s likely that you obtained a number of business cards over the course of those few days. Go through your new collection and determine who you should follow up with first (if you haven't done so already).
Follow up. Send a note or call the people you spoke with to continue to develop the relationship. That being said, it’s also important to keep your promises. If you say you’re going to give them a call, call them.
Strategy. Many companies look forward to these large events to make an announcement, such as launching a new product, service or functionality, because the majority of key industry writers will be around. If you were one of those companies, follow up with those who expressed interest in the latest news. Since you’ve made a splash, it will be important for you to remain in front of these people so your name will not fade into the background. Continue your momentum with a white paper or contributed piece that explains the relevance of the new product or service for the market, encourage and participate in follow up briefings and, if relevant, consider making an announcement with the latest statistics surrounding your news. For example, announce the number of units sold or benefits of the new product/service, such as cost savings, percentage improvement in performance, etc.
If you didn’t make an announcement, review the key trends and news items from the tradeshow and develop your position on the news. There may be a number of opportunities to provide thought leadership on trends and news from the event.
It’s a learning experience. Tradeshows are an opportunity to put faces to names, be it an industry writer or potential customer or partner. It's also a great opportunity to learn how you can prepare for next year.
Our three-part RSA recap comes to a close today, but not before delving into one final strategy:
• Leveraging research for media homeruns
Reporters are fans of research and statistics. Not surprisingly, one influential security journalist said much of his RSA 2010 news coverage centered around various research reports released during the conference.
Announcing significant research at RSA can be a show stealer as evidenced by botnet security company and Schwartz client, Damballa. The company conducted an analysis of the Operation Aurora cyber attack that victimized Google and dozens of other businesses. In collaboration with Schwartz, Damballa rallied to complete its comprehensive research report, prepare the accompanying press materials, and set the media strategy in time to debut its findings at RSA 2010. As a result, Damballa reached key influencers, both at RSA and beyond, with media coverage in BusinessWeek, CNN Online, Forbes, USA Today, a host of prominent blogs, and considerable Twitter chatter, among the highlights.
Vendors like Damballa benefit from having a deep bench of specialized security experts on staff. To capitalize on research capabilities for PR purposes, the first step is to determine what, if any, research is currently being done in-house, is planned for the near future, or could possibly be started with brainstorming assistance from Schwartz.
In the absence of formalized research projects in the works, Schwartz has a laundry list of recommended ways for security companies to tap into their market and customer analysis potential in order to produce stats and data. The concept of vendor-commissioned, independently conducted surveys and studies is a topic for another day. But for the purposes of this post, I will say that, at minimum, security companies should encourage their employees who interface with customers to keep an ear out for any new or noteworthy customer inquiries that may indicate an emerging trend. This type of trend identification and analysis helps to fuel the oh-so-important PR thought leadership campaigns we formulate and execute for clients.
Regarding in-progress research projects, Schwartz works with clients to determine which details can be made public, and moreover, their degree of newsworthiness. Chances are there are interesting nuggets contained within that can be extracted and shared with media in a compelling way. We specialize in distilling down the subject matter to find and prioritize key points that will be most interesting to press and strategic to your business. Then, we advise clients on when, where and how to effectively communicate this information.
So you’ve been holding your breath in suspense of RSA recap Part II? Well, time to exhale and read on! Today we cover two more RSA PR super strategies: lead generation and highlighting real-world implementations and benefits. For quick reference, you can flip back to Part I on building a rapport with press and supporting social media initiatives.
• Lead generation
News is a one of the biggest drivers of media interest at a tradeshow. Significant product news, specifically, is the kind of news that predictably drives leads when delivered to the right audience. From a traditional media relations standpoint, this means reaching targeted readers/viewers with purchasing power.
But first let’s look at things from the journalist’s point of view. Reporters anticipate that companies will announce news in conjunction with RSA and brace for the barrage of incoming calls, for example, about the latest and greatest of widgets to hit the market. However, they quickly grow numb to the onslaught of requests for attention (and annoyed by overuse of words like “revolutionary” by vendors). This in mind, companies must couple smart decisions about what news to announce and when, with aggressive yet structured PR efforts to differentiate themselves from the masses.
As the Schwartz RSA PR tip sheet suggests, take a look at your product roadmaps, customer pipelines, partner deals and other accomplishments, and make a call about which items would time best with RSA. Make sure the news relates as specifically as possible to IT security.
If there is concern that your news may be eclipsed at RSA, then it’s probably best to hold off. Small vendors might be wise to use RSA mainly as a relationship-building forum, rather than a platform for issuing news. On the other hand, if the particular news item can hold its own, then the conference could indeed be a good time to meet face-to-face with press to discuss it—and at minimum be mentioned in round-up stories that string together a summary list of vendor announcements from the show.
In advance of the announcement and the event, perhaps you consider offering a sneak peak of the news to media. This way, you have the chance to equip reporters with the facts while they still have time to stop and listen to you pre-RSA chaos.
The strategy for announcing news involves creating a press release on the selected accomplishments. A strong press release will include quotes from a customer, partner, and/or industry analyst to support the vendor’s claims stated within. Plus, press releases are great for supporting SEO. Schwartz works with clients to optimize press release content with the right keywords and keyword frequency, as well as proper linkages, SEO-friendly headlines, tagging, and more, to promote high organic search engine rankings.
The news then funnels directly into social media strategy with companies blogging and tweeting about it, among other things.
Final tip: When Schwartz clients met with media at RSA 2010, we counseled them to lead with the significance of their news and drill deeper as appropriate based on reporters’ wishes. “I am very excited to tell you about….” should be the start of each conversation.
Dark Reading Editor Tim Wilson brings up a similar point in the comments section beneath my last blog post. Tim’s feedback is worth calling out again here, as he reminds vendors to have an agenda in mind when they engage in tradeshow press meetings:
“One suggestion -- don't set up meetings (or blog, for that matter) unless you have a definite (newsworthy) agenda. We often get into a meeting and the vendor says, "do you have any questions?" and both sides sit and stare at each other. Bring something with you (besides "buy our product!") to discuss.”
• Highlighting real-world implementations and benefits
Customers are PR gold. The best forms of product and company validation for security vendors come from reputable third-party endorsements. Sure, cultivating customer references can be a challenge for some vendors, such as those in emerging growth stages. But all it takes is one reference to get the ball rolling. We at Schwartz are cognizant of the many sensitivities involved with convincing customers to go on-record. On the same token, we have lots of experience helping clients to start, structure and gradually grow their customer reference program. The goal is to get your customers to tell your story for you.
Here’s an example. The CIO at a financial services institution opens the newspaper or navigates to his favorite security news site where he sees a story that takes an in-depth look at the ways in which another CIO at a peer company has benefited from the use of a certain security product. This first-hand account of the technology’s return on investment strikes a chord with the reader since it’s delivered straight from the end user’s perspective. He now begins to consider a security purchase of the same sort and heads to the product vendor’s Web site for more info.
This type of story idea could likely have spun out of a meeting on the RSA show floor. It certainly helps press meeting requests to stand out from the crowd if vendors can offer a reporter the ability to speak with a customer at the conference—preferably one with particularly interesting deployment details to share, including ROI.
Not only was the Schwartz team busy at RSA 2010 facilitating these vendor-customer-media meetings. In many cases we worked with clients to capitalize on their customers’ show presence by filming video testimonials. By creating and posting customer testimonial videos to your company’s Web site (and YouTube as another option), prospects—like the bank CIO mentioned above—will be furthered impressed.
Video content usually features the customer talking about: --Why they chose to purchase a security product --How it fits into their overall security architecture/strategy --What challenges they faced beforehand that prompted the purchase --How the technology has helped them to save money, increase productivity, reduce risk, curb helpdesk calls, or whatever the benefits may be—to the degree they feel comfortable commenting
This exercise simply requires a flip cam and a willing customer participant. Logistically it works best to secure customer permission prior to the event.
Interested in more info on this topic? My colleague Mercedes Fereck goes into greater detail about how to best leverage customer relationships at RSA here.
Stay tuned for my final "Winning PR Strategies" post that will delve into "Leveraging Research for Media Home Runs".
Around every big event, be it a holiday or a nation-wide celebration, cyber criminals look forward to the opportunity to trick the unsuspecting end-user into giving up personal information or sensitive data.
This week (and in the weeks to come), the biggest threat is March Madness. As is typical for this time of year, bracket selections have become a big part of interoffice discussion as employees try to guess the winning teams round by round. With a number of office pools gearing up, many people will try to get the latest information on teams and players, causing many search terms to race to the top of the most frequently searched list. Although we have not heard any reports on it YET, it is just a matter of time where we can expect this to result in SEO poisoning. According to Schwartz client AppRiver, it is not uncommon for nine of the top 10 search results to be malicious Web pages during peak times after a story breaks. Take a look at the Olympics, for example. People around the world frequently searched for the latest medal count, which event was coming up, how a particular athlete performed, etc. It’s no mystery that a hacker would flood the search pages with malware infected sites. And like the Olympics, March Madness has staying power, since it takes place over the course of a couple of weeks and not just one day.
Taking a look at March Madness specifically, once the interoffice brackets are in, the danger turns from SEO poisoning to malware infected sites that are used to stream games live. Not only is this a drag on company servers, but with the expectation that employees will spend time checking scores and their brackets, it’s likely the cyber criminals will turn their attention to targeting not only end-users, but businesses as a whole. We’ve recently seen this done to Google and approximately 30 other U.S. companies with the cyberattacks stemming from two Chinese schools. By gaining access to corporate information, cybercriminals are able to steal trade secrets, computer codes and other valuable corporate information.
Although the threats may have different names, such as Koobface for social networking sites or the Zeus botnet, this is nothing new. Cyber criminals prey on the unsuspecting during the biggest events. Think back to the holidays, for example. How many spam emails did you get offering you a new watch, a Snuggie or Zhu Zhu Pets (enter your favorite latest toy craze).
This is a good reminder that each holiday and big event typically breeds spam and malicious activity. With this in mind, it is a good idea to look ahead to upcoming holidays, rather than wait for them to be upon you, such as Mother’s Day. Has your company given any though to the type of threats can we expect this year?
As we close the book on RSA 2010, let’s take a look back at five strategic aims that, with proper planning and tactical execution, can yield significant PR successes from the security industry’s marquee event.
Today we will cover two of the five: 1) Building a rapport, and 2) Supporting social media initiatives.
• Building a rapport
Developing strong press and analyst relationships takes time, but face-to-face meetings certainly help to expedite the process. The RSA Conference provides a unique opportunity for security vendors to gain exposure to the most influential media, analysts and bloggers that matter to their business—all under one roof over the course of four days.
The simplest of RSA PR strategies is this: Introduce your company to as many key contacts as possible. For those who made media face time a priority at RSA 2010, we at Schwartz spent the preceding months working diligently behind the scenes to arrange show floor meetings.
From a press perspective, the payoff often includes both immediate and long-term benefits. In some cases, instant visibility for vendors comes from meeting with reporters who publish articles during the event that summarize key trends, hot companies and interesting news.
Take, for example, the botnet security company and Schwartz client, Damballa. An in-person RSA meeting secured by Schwartz for Damballa with veteran security analyst and Forbes.com blogger Richard Stiennon led to the company’s recognition as one of only six security vendors on Stiennon’s Forbes Online Best of Show RSA Conference 2010 list.
Then there’s the lasting effect. It takes only a few minutes at RSA to shake hands with a reporter and run through your company’s areas of expertise and value proposition. The resulting increase in name recognition will help to catapult you towards the front of the reporter’s rolodex. The long-term goal is to get writers to turn to you for expert opinions when soliciting story comments from people they consider to be thought leaders on the topic at hand.
• Supporting social media initiatives
Social and traditional media strategies go hand-in-hand. In tandem with RSA press meetings, companies can use the event as a strategic platform to expand their influence using social media channels.
On a case by case basis, we at Schwartz advise our clients on the level of social media engagement that makes sense for them. Many of our B2B security client companies focus primarily on blogs and Twitter.
A well-managed corporate blog provides a great forum for demonstrating your thought leadership and innovation to customers, prospects, partners and press members alike. In and around RSA, blog content would likely include write-ups on your company’s own news, as well as commentary on, and analysis of, industry news and trends cropping up during the conference. With many of our clients, Schwartz is regularly involved in offering counsel related to content creation, as necessary.
To maximize corporate blogging efforts, the Schwartz team shares posts with targeted media contacts. By encouraging online writers to include a link to your company’s blog and reference its content within their RSA coverage, this in turn, drives traffic—including prospects—back to your company’s Web site.
Tweeting from RSA adds merit to your media strategy as well. As outlined in the Schwartz RSA PR tip sheet, Twitter can be used to make short observations about RSA and drive people to your blog posts. Busy reporters, in particular, benefit from Twitter updates as many of them are tied up covering keynote sessions and may not be able to allocate time for booth meetings with vendors.
Case in point: AppRiver. Leading up to RSA, Schwartz encouraged relevant media and analysts to follow secure messaging solutions provider AppRiver on Twitter. Impressed by the quality of AppRiver’s RSA-related tweets, an influential security journalist, Forbes’ @taylorbuley, recommended to his sizable follower base that they tune in to @AppRiver on Twitter. As few as 140 characters can have a big impact on cutting through the RSA clutter and landing you serious street cred too.
Okay, two down and three to go! Stay tuned for my next post on lead generation, leveraging research for media homeruns, and highlighting real-world implementations and benefits.
Kelly Jackson Higgins is senior editor at Dark Reading, an online publication covering IT security. Tim Whitman from Schwartz spotted Kelly on the show floor of the RSA Conference last week and asked her a few questions about the show.
Tim Whitman from Schwartz Communications caught Pete Lindstrom of Spire Security on the RSA 2010 trade show floor. Pete graciously agreed to share his thoughts about the conference.
This is it. The fifth and final day of the 2010 RSA Conference, and it’s been quite a ride. Looking back, it’s clear the cloud takes the gold as the most discussed item, although government presence and increasing cyberthreats picked up speed in the latter half of the week, placing each at a tie for silver, especially since they seem to go hand in hand. Tim Greene of NetworkWorldwrote a very thorough article that explores each of these topics in greater detail.
Taking a look at the conversations yesterday, many revolved around FBI Director Robert S. Mueller III’s speech regarding the increasing threat of cyberterrorism. In his speech, he presented the idea that hackers will continue to enhance their skills and will eventually combine cyberattacks with physical attacks. Along with warnings of foreign nations supporting radical group recruitment via the Internet, Mueller advised any company that finds itself to be a target or victim of a cyberattack to turn to the government for help, promising business confidentiality and safeguards to privacy.
Continuing down the path of government presence within the cybersecurity realm, there are also some (perhaps not too outlandish) beliefs that the U.S. is involved in a cyberwar…and we are losing. Cybersecurity Czar Howard Schmidt denied the existence of a cyberwar saying it’s a terrible concept and further explaining that it’s an environment where no one can win. To reiterate what has been discussed in previous posts, Schmidt’s priorities for the year include better end-user education (something most security professionals say over and over again is a key area of improvement), information sharing and better defense systems.
There was also talk yesterday of the real benefit of using end-to-end encryption within the credit card industry, increasing ID theft within the healthcare industry and fraud. Interestingly enough, there were also discussions of robotics and the changes this advancement would introduce to society.
For the final day at RSA, anticipate continued discussion of increasing cyberthreats, but be prepared for a slight twist on the conversation, as many sessions today will discuss cybersecurity trends, digital forensics, encryption and identity/access control.
For those of you traveling home this weekend, safe travels and we’ll see you next year.
Walking the floor of RSA 2010 in San Francisco is a lesson in over stimulation. As is the case with many other trade shows, vendors are constantly trying to grab your attention. The ways they capture your eye, and more importantly your time, vary.
The contest is a popular one. I saw live trivia game shows and a game where two contestants tried to grab and shove ping pong balls flying within a wind tunnel. I also saw the standard "give-us-your-business-card-for-a-drawing" offer. One vendor was giving away iPads. (I didn't know they were even available?)
When it comes down to it, though, the most attractive booths were those that gave away food and drink. I have to admit even the popcorn stand at one booth was very attractive (popcorn scent travels far). The Qualys (Schwartz client) booth, pictured below, had a full-length bar in the center of the booth, and from that location gave out a variety of concessions. Soda was available all day, and at certain times I spotted beer and sliders (those mini little hamburgers).
It's not a huge surprise that those vendors catering to our most basic needs receive the best response. How hamburgers relate to IT security? Well that's another question entirely, I guess.
The government. Microsoft. Cyber threats. The bulk of conversation at the RSA Conference yesterday focused on these three topics. Let’s take a minute to explore each one.
The Government—As I mentioned in yesterday’s post, federal employees are stepping up to the mic to discuss cybersecurity and awareness to better detect and prevent cyber attacks. Between Einstein, the increasing adoption of the cloud and the still vivid memories of Aurora, there's little doubt of the widespread need for better cyber security. According to White House Cybersecurity Coordinator Howard Schmidt, the U.S. is ill-prepared for a cyberwar.
Lawmakers are making an especially hard push to advance a comprehensive cybersecurity plan, especially now with the U.S. cyber czar position filled. Based on Schmidt’s presentation earlier this week, we know the government is gearing up for a few things to occur over the next year:
Widespread adoption of cloud computing
Significant improvements in cyber security
Better working relationships between law enforcement and the private sector to more effectively fight cyber crime
Instant response plan for cyber-emergencies
Better transparency in government
Although each of these plans are stated with good intentions, it will be important for our government to remember one of the many lessons taught at RSA this week: avoid the excess hype surrounding a cyber threat and/or attack. Why? Because many dangers surround an overhyped threat, especially when you consider many consumers don’t really understand cyber threats.
On a “fun” note, however, Janet Napolitano, the Secretary of the U.S. Department for Homeland Security (DHS), announced a competition to encourage the industry’s “best and brightest” to think of creative ways to better enhance the security of computer systems and cyber networks. Known as the National Cybersecurity Awareness Campaign Challenge, ideas will be accepted through April 30, 2010. Winners will receive DHS funding to better promote the idea to a wider audience.
Microsoft—Scott Charney, Microsoft corporate VP for Trustworthy Computing, made a bold move yesterday, stating that the industry should consider taxing every PC user to better fund the fight against cyber crime. Needless to say, this was met with a variety of responses across the blogosphere and a flurry of activity on Twitter. Richi Jennings at Computerworld selected a few “gems” that he blogged about today in Computerworld’s IT Blogwatch.
Cyber Threats—As I stated above, many consumers do not understand cyber threats. Social networking enhances this misunderstanding as more and more people provide increasingly intimate details about their life on these websites. By providing potentially sensitive information, people make it easier for cyber criminals to better focus their attacks, making their attacks more successful.
For Day 4 at RSA, anticipate more discussion on cyber threats--what to do to prevent them, best tips on what to do when you’ve been hit, etc. We’ll also see some additional discussion regarding security standards and, per usual, discussion of the cloud.
Cybercrime is a threat to both enterprises and consumers; it appears that no one is immune from an attack. As cybercriminals become more sophisticated, targeting their victims based on information obtained from social networking sites, it’s no surprise that cybercrime instills fear into many, especially as enterprises encourage the use of social networking as they learn how to use it to their advantage.
However, a strong word of caution was issued during a panel at the RSA Conference yesterday--security professionals were advised to be wary of the intensity with which they discuss threats. It is important that they find a balance between explaining the risks as well as the probability of an attack. Although some of the hype can encourage companies to re-evaluate their existing security practices, it could cause more harm than good. For example: the threat of stolen IDs, credentials and other sensitive data has many executives rethinking the approach to the cloud.
Once again, we saw the cloud take center stage as many conversations yesterday focused on the security of the cloud (and we can expect the same for today with a quick look at the daily schedule). With many people believing the cloud lacks sufficient security, they turn to the industry with expectations that security pros will “fix it.” Keep in mind, however, that fears and concerns of data security in the cloud are nothing new; this has been a primary reason for delays in adopting cloud computing for some time.
RSA President Art Coviello said in his keynote yesterday that the industry faces one of the greatest challenges: securing the cloud. He explained, “Cloud computing can allow more energy and investment to be directed to a real innovative and competitive advantage, but the one thing that’s holding it back is security.” He also named some key areas that should be prioritized as the industry takes on this task:
Who gets access to what and gaining visibility in the cloud
Compliance
Insider risk
Privileged user control
Workflow
A final thought: With cloud computing seemingly the way of the future, there’s little doubt that the government will be included in this new trend. We’ve already seen some significant federal movement toward the cloud, as I mention in a previous post, but at RSA, this is taken to another level. A number of federal employees within the cybersecurity arena are stepping up to the mic to lead various discussions on how law enforcement and the private sector need to work together to fight cybercrime.
Unveiled yesterday was Einstein, the National Security Agency’s Homeland Security program to protect the U.S. from cyber attacks. The still-in-progress, more robust second version of the program is described as being “designed to look for indicators of cyber attacks by digging into all Internet communications, including the contents of emails.” Knowing hackers and cyber criminals view this industry as a business, it will be interesting to see what this leads to as hackers turn to their version of R&D to enhance their operations.
For several years, SC Magazine's annual award ceremony at the RSA Conference has been a place to see and be seen. Last night, more than 400 IT security industry luminaries packed the Grand Ballroom at the InterContinental Hotel in San Francisco for the awards gala.
I had the honor of presenting an SC Magazine Award for "Best Security Company" to IBM.
With awards across more than 30 categories, last night's event no doubt sent many PR professionals scrambling to write press releases once the accolades were announced. Winning an SC Magazine Award always boosts the enthusiasm around the winners because respected awards such as these provide nice proof points for prospects, partners and investors. Winning them is an important objective for IT security PR teams. Further, attending the SC Magazine awards ceremony itself is in many ways a rite of passage for growing IT security companies.
I answered many questions last night about the SC Magazine Award submission process, the importance of the awards, etc. No doubt members of the Schwartz security practice will write much on the topic in this space in the future.
As was expected, much of the news from yesterday's RSA Conference focuses on the cloud, and specifically, the Cloud Security Alliance (CSA)’s four-hour summit. Kelly Jackson Higgins of Dark Reading wrote an article summarizing the summit and the CSA’s top seven threats to the cloud. An interesting point that came from this discussion is that data security still remains one of the key concerns for companies using the cloud. This begs the question: what type of encryption are you using and do you know how it works?
Some other news from yesterday includes an interesting tidbit on compliance. PCI and HIPAA are just two of the many compliance mandates that companies need to be aware of and abide by. The medical industry is increasingly turning to IT, emphasizing the importance of information security in compliance. Bill Brennerdiscusses the results of a survey illustrating that 41 percent of companies would fail a PCI audit. This makes one wonder: is a true, compliance-focused security solution available?
Today, we can expect a slight change in the focus of conversation. The cloud will still take center stage for most of the day as keynote sessions explore the security of the cloud. But with additional keynote sessions, seminars and panels aiming to discuss the Internet, virtualization and data breaches, we can expect an increase in the amount of coverage around the increasing sophistication of cyber threats and attacks, including specific mention of Advanced Persistent Threats (APTs).
Last night, the expo portion of RSA 2010 kicked off with a reception. I walked the floor and snapped a couple of pictures. [Full disclosure: The companies pictured are current Schwartz clients.]
Today is Monday, March 1, day one of the 2010 RSA Conference. The bustle of activity today is quite diverse as exhibiting vendors work hard to get their booths ready, some security professionals prepare for today’s seminars and other vendors begin to announce new offerings and products.
As I mentioned in an earlier post, there is much anticipation of news surrounding the cloud. Just this morning, there have been a number of announcements regarding new cloud offerings and products promising better malware detection and e-mail security.
Interestingly enough, we’re also seeing significant discussion of the cloud’s presence within the government. Matt Hines, an eWeek blogger, wrote an article this past weekend explaining that the government voice will “echo loudly” at RSA this year. Hines explained that in White House Cybersecurity Coordinator Howard Schmidt’s recent press conference, he stated that the coordination of federal cyber security efforts will be a leading priority. Following the recent “Aurora” attacks on Google, the combination of cyber crime and the availability of the cloud for federal institutions will encourage many discussions to look at the cloud’s impact on business productivity as well as data security.
As we turn our attention to RSA sessions, the cloud appears to be a key topic of discussion today. The four-hour Cloud Security Alliance Summit, beginning at 9:00 a.m. PT, will provide key information from industry experts about the state of cloud security. Cloud discussion continues early tomorrow with the first RSA keynote at 8:00 a.m. PT discussing Safety in the Cloud.
On another note, keep an eye on Adobe and Google. Knowing that a number of tomorrow’s sessions will focus on the latest types of cyber threats (such as the Advanced Persistence Threat, or APT, for short) and best practices to avoid falling victim to those threats, it will be interesting to see how these sessions tie-in the latest flaws with Adobe and how companies can better protect their networks with increasingly determined and more sophisticated attackers.
