CSA Summit at RSA 2020 - Recap Part 1

By Frank Guanco, Research Program Manager, CSA

CSA was excited to welcome a diverse group of speakers to discuss cloud security and privacy during this year’s CSA Summit at RSA Conference 2020. We heard from Glenn Gerstell, Alex Stamos, Phil Venables, Dan Geer and many others. Our speakers addressed the following questions and topics:

1. Who’s ultimately responsible for security given inter-country cyberattacks? The private sector or the government?
2. What can organizations do to prepare and respond to a breach?
3. How can we embed security into the business culture?

Read part one of our CSA Summit recap. In this post, we’ll be exploring the highlights, key ideas, and big insights from the morning sessions.

Cybersecurity as a First Class Business Risk: Challenges and Opportunities

Phil Venables (Board Director, Goldman Sachs Bank and Senior Advisor (Risk and Cybersecurity))

In this opening session of the CSA Summit at RSA Conference 2020, Phil Venables shared insights on security as a business and technology issue and how a culture of security comes from actions. The considerations for executing this is threefold:

1. Enterprise integration and how to embed security into the fabric of business decision-making
2. Technology integration that involves embedding improvement into technology delivery
3. Resilience and recovery through limiting blast radius of events and integrating incident response and operational controls

As security moves towards the future, Venables shared the unique position of those in the industry like the camaraderie of the security community and the higher purpose of security that impacts innovation essential to progress. As the session closed, Venables shared a quote; "We are careening into the future at the speed of light. Relax and enjoy the ride."

You can read more about his session in this article from Infosecurity Magazine here.

PANEL: Preparing and Responding to a Breach

The panelists focused on the human aspect of breaches and how organizations can prepare their individual employees through proper training. At one point, Diana Kelley, Cybersecurity Field CTO, Microsoft drove home the idea that no one should be exempt from regular trainings.

“Annual or biannual training is for everyone...just because they have a title people don't get exempt from that training” - Diana Kelley, Cybersecurity Field CTO, Microsoft.

Outside of training your internal employees Andy Kirkland (Global Chief Information Security Officer (CISO), Starbucks) emphasized the importance of fourth-party risk and understanding the full extent of how your supply chain works. For instance, what are the shared providers of the providers and attack vectors that come from those?

Ultimately John Yeoh VP or research wrapped up the session by aptly stating that - “You can share responsibility, but can't share accountability.”

Tech’s Failures and a Way Back to Global Competitiveness

In this talk, Alex Stamos from Stanford Internet Observatory, Stanford University, covered some of the core issues behind the techlash and why Silicon Valley has done such a poor job in responding. He also discussed how Silicon Valley could work collectively and with DC to build a durable competitive advantage for US tech.

Read more about his session in this article from Infosecurity magazine here.

We Cannot Afford to Lose the Digital Revolution

As Glenn Gerstell (Former General Counsel, National Security Agency and Central Security Service) presented keynote, he started by sharing the story of NASA astronaut Christina Koch landing in Kazakhstan after almost a year in orbit and the uniqueness of landing in an area that is considered a US rival. This is the state of the new digital reality. Gerstell stated that this is the Fourth Industrial Revolution. Where it is possible for countries to leapfrog another via technology and the strategic implications of this reality.

The balance between the federal government and the private sector in regards to technology is going through rapid change and is of utmost importance in the digital age.

Gerstell noted three critical challenges:

1. China as an adversary and partner. That China can harness their private and public sectors to grow national strategic goals.
2. Rebalancing the role of the private and public sector where categories like AI and IoT provides ease, but in the wrong hands can wreak havoc.

Ultimately, who bears the responsibility for keeping our nation safe?

You can read more about his session in this article from the Journal of Cyber Policy here.

Other articles summarizing the sessions:

You can download this year’s summit presentations here. Below are links to articles that were written about several of the sessions at this year’s summit.

• Phil Venables: #RSAC: Make Security a Business and a Technical Issue

• Alex Stamos: #RSAC: Realize the Harms and Benefits of Technology and Create Policies to Enable the Public

• Highlights: Cloud Security Alliance 2020 Highlights - Journal of Cyber Policy

Join CSA for our next big event in Seattle — SECtember 2020

Held in CSA’s home city of Seattle among the giants of cloud computing, this event will feature in-depth training, networking opportunities and interactive sessions with global experts. The inaugural SECtember will be held Sept. 14-18, 2020, at the Sheraton Grand Seattle.

The call for papers is now open. Visit sectember.com to learn more.