Record Crowd, No Surprises at RSA Conference

This year’s RSA security conference held no fireworks, no new game-changing products and very few surprises—but experts believe the relative lack of excitement was actually a good sign of the overall state of the security field. Held last week in San Francisco, the RSA conference drew a record-setting crowd of more than 17,000 security practitioners, vendor reps, analysts and media members.

“There hasn’t been a whole lot of new stuff to come out of this show, but that isn’t necessarily a bad thing,” said Robert Ayoub, an analyst for Frost & Sullivan. “Security as a field is maturing. I think a lot of what we saw and heard validated things that were predicted at previous years’ shows.”

For example, at RSA several years ago, many experts lamented the fact that too few security chiefs were granted a seat at the “adults’ table” with the CEO and board-level executives, claiming that this level of involvement was the only way for security to be taken seriously within the enterprise. Today, this is finally happening, said Howard Schmidt, president and CEO of R & H Security Consulting LLC and former CSO of eBay and Microsoft.

“We’ve never been in more demand than in the past couple of years,” Schmidt told Baseline at the show. “Those not sitting at the table at least get invited to dinners every once in a while.”

More of the security officers who walked the halls of Moscone last week are reporting directly to their CEOs, and more than ever, their efforts are shifting from technology-centric concerns to matters of business strategy and innovation, Schmidt said. This was reflected by session offerings, such as how to effectively present to a board of directors and RSA CEO Art Coviello’s keynote on the role of security in business innovation.

Frost & Sullivan’s Ayoub believes that this directly impacted happenings on the show floor, which mainly spotlighted maturing technologies over disruptive technologies. “We’re definitely seeing security become more integrated into business line decisions, and as part of that, you can’t have an industry that’s completely changing every 12 months and still be tied to C-level decisions,” he said.

Ayoub viewed this year as a validation of information-centric security techniques, particularly of maturing data leak prevention (DLP) offerings meant to stem the tide of high-profile data breaches plaguing enterprises.

Another technology trend apparent at the show was the increased push by infrastructure vendors to decrease the security footprint within the enterprise blueprint and do a better job “baking” security functions into the infrastructure. Vendors like Hewlett-Packard (HP), Microsoft and Hitachi were hawking their efforts to build security into the infrastructure, so that general IT products will work securely.

“For a lot of our customers, security is too complex and too confusing, and it doesn’t necessarily get smaller when you apply money to it,” said Chris Whitener, chief strategist for HP’s Secure Advantage program. “We want to promote this idea of simplifying things. We don’t want to build a separate security management infrastructure—or another security console ‘thingy’ on the side. In most cases, these capabilities should all fold into the infrastructure.”