I talk with RSA Chief Technology Officer Zulfikar Ramzan, PhD at RSA Security* about the major trends at this year’s RSA Conference including the growing focus on digital risk and trust, the debate around encryption, law enforcement and “going dark” and what people mean when they talk about “zero trust” networks.
What was the big theme of this year’s RSA Conference in San Francisco? In a word: “trust.” That was the conclusion of RSA Chief Technology Officer Zulfikar Ramzan when he and I met up on the sidelines of the RSA Conference show floor near the end of the annual security event in San Francisco.
In this video interview, Zulfikar and I talk about the unrelenting pace of digital transformation in the enterprise, as companies embrace cloud based services, mobility, Internet of Things and more. Those inexorable trends are transforming the way organizations operate and have huge, potential pay-offs for those companies and for human society.
Digital Transformation puts focus on Trust
But Zulfikar says that such opportunities hinge on one key element: trust. “If digital transformation is a rocket ship then trust has to be the fuel for that rocket ship,” he told me. “When I think about our companies today and our customers – what they’re trying to ultimately do is ensure that everything they engage in every aspect of their operations is done with the right degree of trust.”
That need for trust extends all the way from the data a company stores to the people it employs to the third party firms and services it contracts and shares information with. But overseeing such a complex ecosystem is challenging – especially in an information security industry that has long been infatuated with cool point products to solve cutting edge problems, rather than holistic solutions.
Going Dark and what we mean by ‘Zero Trust’
Zulfikar and I talk about that. We also talk about the take aways from the annual Cryptographer’s Panel at this year’s conference, which Zulfikar participated in. That panel was juxtaposed at RSA with a session featuring Christopher Wray of The FBI – one of the most prominent figures calling for limits on encryption so that law enforcement agencies can get access to information needed to thwart crime and terrorism. Zulfikar and I talk about the growing (and ever more messy) policy implications of information security.
Finally, Zulfikar and I talk about the current mania for the idea of “zero trust” networks. At one level, “zero trust” networking is not a new idea. (He notes that it has been floating around for close to a decade.) On the other hand, “zero trust” is the latest in a long list of information security buzzwords that get bandied about shows like RSA. Zulfikar points out that the idea of fostering “zero trust” environments isn’t about acquiring a particular technology or service.
“There’s no one product that’s going to give you zero trust magically and I see a lot of our customers going out and thinking they’re gonna buy one of these and one of these and they can check off the “zero trust” box,” he said. “That’s the wrong way to think about it.”
Ramzan advocates thinking about a “zero risk” model as opposed to a zero trust model. That focuses staff on what’s important: identifying key IT assets, data as well as third parties and focusing your energies on securing those.
“Zero trust is fundamentally a mindset,” Ramzan told me. “There are many paths towards achieving it and the right path is the path that fits your organization’s unique needs.”
Check out our full video over on RSA’s YouTube channel here.
RSA Security is a sponsor of The Security Ledger. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.