For those of you who couldn’t make RSA’s latest thrash in London I can report that there were, as expected, no real surprises. It’s a shame as cyber security is booming at a time when emerging technology promises possibilities to transform the solution space in ways that should blow the minds of traditional practitioners.
Unfortunately such a change demands original thinking, smart investment and a buccaneering appetite for risk taking that is sadly lacking in both the public and private sectors. I know from personal experience that if you develop novel ideas for creative product development they are unlikely to gain much traction in a blinkered research and business environment that prefers to focus and build on established practices and cash cows. (I’ve been forced myself to abandon projects to build solutions based on models of the human immune system and imaginative analysis of network data through lack of UK Government funding.)
The end result is that new products tend to be little more than incremental improvements of long established solutions. In the past thirty years I’ve encountered as many new breakthroughs as you can count on one hand. There is always however a new fashion or spin to place on new releases or product variations each year.
If last year’s trend was BYOD, then this season’s buzz phrase is Big Data. This particular one is very significant as it really does herald something new, though its inspiration is no more than a reflection of contemporary business trends in data mining coupled with the existence of growing audit logs, rather than the outcome of any serious problem-solving analysis.
Take Splunk for example who were promoting their latest Big Data security solution. Splunk is clearly a leading engine for data miners and I’m a big fan, but the security application looks like it’s been put together by a firewall administrator rather than an experienced data miner. I met more than one colleague who told me their company was investing in the tool for business applications though not for security. But watch this space. Solutions will evolve beyond all expectations.
Several other products on display exhibited that not-quite-thought-through-or-finished-off quality, such as technologies that lacked a hardware root-of-trust or other products that were clearly designed by ad hoc security folk rather than subject matter experts. But there were some interesting products on display. I liked for example the concepts behind Bromium, an imaginative virtualisation-based solution, and Mykonos, a honey-trap technology that encapsulates the new spirit of deception that will progressively underpin security in the new information age.
All new products need improvement of course and the RSA Conference is a good opportunity to delivering essential feedback because it’s attended by leading users as well as senior vendor executives and their research and marketing teams. The development of new products is often locked in an inevitable conflict between the road map drawn up by the CTO and the conflicting demands of early customers. RSA Conference provides a useful forum for helping to settle the arguments.
And this year’s conference proved to be an excellent environment for networking. The new layout of the exhibition area – with smaller stands and more seating – encouraged visitors to relax and interact with their colleagues between sessions rather than stand in a corner checking their email and missed calls. On one day for example I sat down with a venture capital colleague to have lunch and we were immediately immersed in a facilitated debate on social media. We both enjoyed it.
I thought the new layout was a move in the right direction: more customer engagement and discussion about the relative merits of the technologies on display, and less direct product promotion. Let’s face it if you want to buy a product, you’re much more likely to be influenced by the opinions of another user you’ve met rather than the pitch of a salesman on a stand. Too many conferences waste energy on big stands, free gifts, loud music and tacky promotions, rather than creating a calm environment to engage people and discuss how to use and improve products.
What of the presentations themselves? The track sessions were too numerous to cover. There were some good debates but nothing really new, and they left me with an impression that many speakers spend more effort on the presentation title than the actual content.
The keynote addresses were generally lacklustre, clichéd and short of new ideas or compelling rhetoric. We need more than abstract pronouncements on the wonders of Cloud Services, Big Data and Intelligence-led Security. Philippe Courtot of Qualys always comes across as the most visionary and authoritative vendor but this year he gave us nothing new. MIsha Gleny had a fascinating tale to tell of hackers, criminals and spies, though I was left with the impression that he was largely reading from his book.
Jimmy Wales was the undoubted star of the show, and came across as a jolly nice chap with healthy, balanced views. I offered my congratulations on his new marital status but he reacted as though I’d taken the wind out of his own announcement. In fact for the first half of his talk, the lack of any mention of his celebrity-studded wedding seemed to be the elephant in room. But Jimmy’s important closing point was to remind us that the biggest threat to Freedom of Speech is well-meaning but misguided legislation. Even in a world of fast changing risks, some things never change.