Deb Radcliff filed this RSA wrapup.

Everyone’s always asking those of us from the trade press about trends we see at RSA.

Some will tell you RSA this year was all about virtualization, which already seems like an old story with vendors like Blue Lane Technologies and Reflex Security stepping in to monitor the heretofore unwatchable layers created by virtual machine managers and their guests.

Others will say it’s all about data leakage protection, and we sure saw a lot of that at the conference this year, with Symantec, Trend Micro and others taking leakage protection to a more comprehensive level at the endpoint and gateway.

Unified authentication and use of federated identity frameworks are also gaining momentum, with Microsoft discussing its unified access approach, TriCipher announcing over 50 web applications (SalesForce, WebEx, Google, etc.) in its user single sign-on portfolio, and so on.

Ultimately (true to RSA President Art Coveillo’s Tuesday morning keynote), the overall conference boiled down to more holistic management of risk under the following bullet points:

• Looking at security from inside out instead of outside in (protecting data instead of the network)

• Driving protections deeper into the infrastructure to make it more of an operational function rather than a separate security function

• Using security as an enabler for new types of business

All good and necessary aspirations. But one theme that subtly carried across and outside the conference was this nuance of surveillance – surveillance of children (Symantec’s upcoming family security suite), surveillance of IP traffic, including  through the ISPs.

The theme of being watched resonated outside the conference, starting with hotel rooms booked through the RSA block. On Monday night, little piles of colorful conference bling and fliers appeared on doorsteps of all RSA attendees who registered through that block. They know where you are, and so does everyone walking down the hallways looking at the bling in front of all those doors. RSA used a middleman to deliver the bling to the doors, according to a spokesperson, but that’s still creepy.

That same feeling also carried over to the end of RSA bash Thursday night, in which RSA Conference organizers put a lot of work and expense into setting up different forms of entertainment in the Marriott ballrooms. In the Karaoke room, for example, local entertainers set up a 20-foot black pyramid topped with a giant, 12 by 10-foot face-shaped screen with a nose protruding. Onto that screen was projected the face of a real person taking questions, acting all knowing like the Wizard of Oz, while looking ominously down upon them. (See my friend Liz Safran’s picture of said face here.)

Then there was the face painting room. With security and privacy blended so closely together, it was amazing how many security practitioners blithely stood in line to get barcodes painted on their foreheads. Not only did the fake barcodes wreck their coiffures, they made their bearers repulsive – every time one walked by it made you think of the ‘mark of the beast’ predicted in biblical revelations.

All in fun, one might say. But given the level of desensitization among this crowd, it looked more like a parody of things to come.

The press has been locked out of RSA’s Friday keynote by Al Gore, and the registrar says it was at Mr. Gore’s request. That’s gonna be difficult to enforce, thousands piling into this massive auditorium, but the handful of us with the green tags on our badges aren’t allowed? Meanwhile, at least 20% of those thousands with the general conference tags do some type of blogging and they still get in.