“Today I’m happy not to have an RSA Conference badge on me,” Mikko Hypponen, head researcher of Finnish security company F-Secure, told the inaugural TrustyCon conference in San Francisco last weekend.
Hypponen was referring to what was one of the world’s most prestigious information security conferences, hosted by industry vendor RSA.
RSA are known to many corporate computer users for their SecurID authentication tags: the little key fobs, shown illustrating this post, that give a passcode for secure networks.
Sadly for RSA’s users, those tags were compromised in 2010 and the company did its best to obscure, if not downright hide, the problem both from the industry and its customers.
However, the killer blow for RSA’s reputation was an article in Reuters at the end of last year claiming the US National Security Agency had paid the company $10 million to weaken its security protocols.
The company denies this but the damage was done. As Hypponen says, “When a security company can’t be trusted, what do they have left?”
How RSA lost the trust of security professionals is a good lesson for all of us: our businesses rely upon the goodwill of our customers and our peers. If we betray their trust, we’re hurting ourselves.