Fifteen years after the show was launched as a security event largely for cryptographers and technologists, the annual RSA Conference has become one of the industry's largest vents. In this interview, Arthur Coviello, the company's president and CEO, speaks about how the event has changed and why.
The audience at this show has grown over the years. But are the people who are attending the show any different from the people it first attracted 15 years ago?
Yes and no. Ten to 12 years ago, it would have been largely cryptographers and technical people. They are still here. But the crowd is much larger. We are now attracting more business people, chief security officers, project managers, CIOs. We attract Wall Street investors, venture capitalists and a whole host of other people including government people. So the audience is much larger, but we still have that core group of cryptographers.
So what's driving the diversity?
First of all, the topic of security continues to be raised in prominence each year. Second it is more mainstream. When you see Bill Gates, John Chambers and Scott McNealy all on the same program you know that security's time has come. The awareness around security has caused the show to become more popular.
How much of the show is about technology?
I think the keynote addresses and the tracks themselves have a fair amount of practical vision in terms of what needs to be solved as opposed to just throwing technology at people. In the Exhibit Hall there is a lot of technology but most companies are smart enough to package it in the form of solutions solving a problem. But, yeah, there is a heck of a lot of technology that is discussed during the course of the week as well.
From a security standpoint, if there's one thing that you did not expect to be still talked about 15 years after you first launched this show, what would that be?
Fortunately, we are no longer talking about the export of crypto. That's a good thing. But I'd say actually the use of passwords. I would've guessed that we would have gotten rid of passwords by now. And having said that, it is one of those cases where if you can't beat them you join them. Part of my keynote today was all about coexisting with passwords and being pragmatic about them.
What's wrong with passwords?
Well there are way too many of them and they are inherently insecure.
What's driving all of this attention around authentication?
Answering the question 'who are you' is the start of every business transaction, whether it is online or not, and then it is the degree to which you have to prove you are who you say you are.
Authentication is about having an assertion made that gives you a level of confidence in that assertion. For instance, when I talk about using digital identities to create frictionless e-commerce, I am talking about passive authentication, where if somebody logs on we've taken a profile of that person in terms of their computer browser and what they do in terms of transactions and their behavior and without them having to actively participate in the process we can identify them. And then the password becomes just a second factor in the whole scenario, but the user is hardly inconvenienced at all.
We announced the RSA Internet Confidence Index today and it is not a pretty picture. The volume of Internet transactions is going up when people are less confident. It is like people are closing their eyes and driving their automobile hoping they won't hit anything. The fact of the matter is ultimately they will and it can't continue like this.