Thycotic Software has conducted a study at the event

Mar 5, 2014 19:41 GMT  ·  By

Privileged account management solutions provider Thycotic Software has conducted a survey at the recent RSA Conference to find out what attendees think about NSA surveillance. It turns out that only less than half of those surveyed believe the NSA overstepped boundaries on domestic surveillance.

Shortly after news broke that RSA might have included NSA’s flawed random number generation algorithm Dual EC DRBG in its BSAFE encryption libraries as part of a $10 million (€7.3 million) contract, some experts and organizations decided to cancel their engagements.

However, the RSA Conference still drew a record number of attendees: 28,500. This isn’t surprising if we look at the results from Thycotic’s survey.

Of the 341 conference attendees interviewed by the company, only 48% believe that the intelligence agency overstepped its boundaries by spying on US citizens. Many IT security experts believe the NSA’s actions are necessary for cyber defense.

21% of those who don’t believe the NSA overstepped its boundaries when it spied on US citizens believe that the government needs to monitor communications to protect the country against terrorist activity. 31% are conflicted. They claim to have nothing to hide, but they are concerned about the loss of privacy.

The list of those who have cancelled their RSA Conference 2014 engagements includes OWASP, Mikko Hypponen, Chris Palmer, Christopher Soghoian, Marcia Hoffman, Alex Fowler, Josh Thomas and Jeffrey Carr.

75% of the people who took part in Thycotic’s study believe that those who have boycotted the event are entitled to their opinion. 9% have thought of joining them. However, 17% said that those who boycotted the RSA Conference were just trying to seek attention.

As far as privileged access is concerned, only 19% of respondents say they’re confident that such access is used properly. 61% of those who have taken part in the survey either know of instances in which employees have abused privileged access, or they believe it’s likely to have happened.

“Regardless of where you stand on the issue, the attention around Edward Snowden’s alleged disclosures last year has raised major concerns worldwide around the risk posed by insiders who have access to privileged account passwords,” said Jonathan Cogley, founder and CEO of Thycotic Software.

“It’s disheartening to hear that so many RSA attendees think privileged abuse is happening within their companies, and it goes to show that there is a need to be more vigilant than ever when it comes to managing and tracking who has access to privileged accounts and sensitive data,” Cogley added.

“Regardless of intention, data breaches always have the potential to devastate a company’s reputation and create a significant drain on resources.”