My hat’s off to the organizers of RSA 2014, which is held every year in San Francisco’s Moscone Center, as they achieved an unbelievable event this year. The show was not only incredibly well attended (rumored to be over 25,000 attendees), with a record-breaking year of attendance from the vendor community that required two enormous exhibition halls, but it was also well organized. All in all, I believe that if one couldn’t get from the RSA Show what they wanted, then the problem probably lay more with the seeker than the organizers of this show!
Having said that, I would like to share a few pithy thoughts on my impressions now that I’ve had some time for the dust to settle. So, in no particular order:
It’s clear that security is big business: When making the rounds at the show, I was getting the sense that information security controls and safeguarding technology have grown up from a “geeky-little industry” that big companies used to just smirk at, rising to a driving force behind scores of people’s lives and, moreover, money. One has come to expect the vendor booths to often be ‘over the top’ with outrageous gimmicks, etc.; however, this year it was clearly so much more than this, and you really got the feeling of “big businesses” at work.
SDN is still a distant consideration to most: It’s amazing to me that the Open Networking Summit in Santa Clara and RSA 2014 in San Francisco were separated by just a few days and, relatively speaking, a few miles. One of course was focused on security and the other on SDN. From walking around RSA I got the impression from the vast majority of exhibitors that most are either unprepared for the coming SDN revolution or ignorant of it. As I went from booth to booth to booth, I could find few who understood this technology upheaval or were trying to address it with their technologies.
Cloud Migration & Consumerization of IT Are Being Ignored: One striking theme of the vendors who attended is that most are speaking to enterprises. They talk as if enterprises are their audience and enterprise technology environments are where the focus needs to be. For example, there was a lot of focus on the data breach that affected Target, and little on the fact that Spamhaus and numerous carriers experienced large-scale breaches and outages this year. It seemed to me that in our industry our solutions are not keeping pace with the macro trends that enterprises are migrating their IT to the cloud and are no longer controlling (or will not control any longer) the devices with which their employees access their systems going forward.
Governments-as-a-Vendor: I don’t know if it was just me; however, I was particularly interested that there were representatives from numerous countries (e.g. governments were presenting) throughout the world. It was amazing to see that the NSA decided to have a presence at the show and presented with a booth that was bigger than most of the vendors in the hall. I don’t know why, but this always strikes me as a little creepy, and perhaps it’s because I was born on the paranoid side of the bed!
Most security technology does not mitigate: The other striking situation is how many vendors don’t really provide their customers with end-to-end solutions. Almost by definition they provide ‘detection’ and then hand the problem to their customers to solve. Have you ever noticed that MOST security vendors don’t remedy the problems they uncover? It’s an amazing situation whereby most end-point security is about detection only: no way to technically stop a problem, but rather just make you aware that one is underway. We have to get better at solving problems automatically as an industry.
All in all, I was generally impressed with this year’s show and, as a security professional, feel RSA is a “must attend” event to help keep your finger on the industry’s pulse and connect with other like-minded individuals for insight and information. See you in 2015, San Francisco!
Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.