For those of you who couldn't make RSA's latest thrash in London I can report that there were, as expected, no real surprises. It's a shame as cyber security is booming at a time when emerging technology promises possibilities to transform the solution space in ways that should blow the minds of traditional practitioners.
Unfortunately such a change demands original
thinking, smart investment and a buccaneering appetite for risk taking that is
sadly lacking in both the public and private sectors. I know from personal experience
that if you develop novel ideas for creative product development they are
unlikely to gain much traction in a blinkered research and business environment
that prefers to focus and build on established practices and cash cows. (I've
been forced myself to abandon projects to build solutions based on models of
the human immune system and imaginative analysis of network data through lack
of UK Government funding.)
The end result is that new products tend to be little
more than incremental improvements of long established solutions. In the past
thirty years I've encountered as many new breakthroughs as you can count on one
hand. There is always however a new fashion or spin to place on new releases or
product variations each year.
If last year's trend was BYOD, then this season's
buzz phrase is Big Data. This particular one is very significant as it really
does herald something new, though its inspiration is no more than a reflection
of contemporary business trends in data mining coupled with the existence of growing
audit logs, rather than the outcome of any serious problem-solving analysis.
Take Splunk for example who were promoting their
latest Big Data security solution. Splunk is clearly a leading engine for data
miners and I'm a big fan, but the security application looks like it's been put
together by a firewall administrator rather than an experienced data miner. I
met more than one colleague who told me their company was investing in the tool
for business applications though not for security. But watch this space. Solutions
will evolve beyond all expectations.
Several other products on display exhibited that
not-quite-thought-through-or-finished-off quality, such as technologies that lacked
a hardware root-of-trust or other products that were clearly designed by ad hoc
security folk rather than subject matter experts. But there were some interesting
products on display. I liked for example the concepts behind Bromium, an
imaginative virtualisation-based solution, and Mykonos, a honey-trap technology
that encapsulates the new spirit of deception that will progressively underpin
security in the new information age.
All new products need improvement of course and the
RSA Conference is a good opportunity to deliver essential feedback because
it's attended by leading users as well as senior vendor executives and their research
and marketing teams. The development of new products is often locked in an inevitable
conflict between the road map drawn up by the CTO and the conflicting demands
of early customers. RSA Conference provides a useful forum for helping to settle the arguments.
And this year's conference proved to be an
excellent environment for networking. The new layout of the exhibition area - with
smaller stands and more seating - encouraged visitors to relax and interact with
their colleagues between sessions rather than stand in a corner checking their email
and missed calls. On one day for example I sat down with a venture capital colleague
to have lunch and we were immediately immersed in a facilitated debate on
social media. We both enjoyed it.
I thought the new layout was a move in the right
direction: more customer engagement and discussion about the relative merits of
the technologies on display, and less direct product promotion. Let's face it, if
you want to buy a product, you're much more likely to be influenced by the
opinions of another user you've met rather than the pitch of a salesman on a
stand. Too many conferences waste energy on big stands, free gifts, loud music
and tacky promotions, rather than creating a calm environment to engage people
and discuss how to use and improve products.
What of the
presentations themselves? The track sessions were too numerous to cover. There were
some good debates but nothing really new, and they left me with an impression
that many speakers spend more effort on the presentation title than the actual
content.
The keynote addresses were generally lacklustre, clichéd
and short of new ideas or compelling rhetoric. We need more than abstract pronouncements on the wonders of Cloud Services, Big Data and Intelligence-led Security. Philippe
Courtot of Qualys always comes across as the most visionary and authoritative vendor but this year he gave us nothing new. Misha Glenny had a fascinating tale to
tell of hackers, criminals and spies, though I was left with the impression
that he was largely reading from his book.
Jimmy Wales was the undoubted star of the show,
and came across as a jolly nice chap with healthy, balanced views. I offered my
congratulations on his new marital status but he reacted as though I'd taken
the wind out of his own announcement. In fact for the first half of his talk,
the lack of any mention of his celebrity-studded wedding seemed to be the
elephant in the room. But Jimmy's important closing point was to remind us that the
biggest threat to Freedom of Speech is well-meaning but misguided legislation. Even
in a world of fast changing risks, some things never change.