Published: March 9, 2012
I spent last week in rainy and chilly San Francisco. That must only mean one thing: it's RSA time again. I've been to quite a few RSA conferences over the years, too many to count, it seems. The early years were truly serious security events with a no-nonsense vibe. Not that security is still not serious, but the last few years seemed like the hype was starting to overtake some important security developments. As I attended the first day of this year's RSA, I was bracing myself for another "Cloud" marketing onslaught, or possibly a "Big Data" blitz. I was pleasantly surprised. The message was more muted this year with an emphasis on getting back to the business of comprehensive security solutions.
Maybe this is an outgrowth of the recent security breaches--2011 was an unusually tough year for the security industry. With the spotlight shone on APTs, much of the talk returned to layers of defense. The message from companies like IBM and HP reflects a comprehensive strategy built to address security policies that can protect data up and down the stack and from core to edge, and beyond. Of course, these kinds of discussions naturally lead to the Big Data topic, specifically as it pertains to analyzing the massive amount of security data to effectively define and audit policies for data access and control. Tall order indeed, but I expect by the time we reach RSA next year this topic will be front and center.
I talked to a number of companies, both established and startups, that are addressing the problem of escalated privileges both at the desktop and data center. It seems that we still don't have our hands around one of the most powerful aspects of data vulnerability and one of the primary attack vectors for hackers. From examining administrative accounts and roles (Lieberman Software, BeyondTrust, Hitachi ID) to managing privileges on the desktop (Avecto, Viewfinity), there was a heavy representation of solutions for dealing with privilege identities and access. I wonder how many organizations, though, give this aspect of their security plan the weight it deserves.
Of course, even though the noise has died down, there is still plenty of talk around cloud. I chose to focus on companies providing an identity bridge to the cloud and they were there in spades. The cloud offers a unique opportunity for new companies with agile solutions to make headway into what's sure to become a dynamic and fast-moving space. Ping Identity, Okta, and even RSA with their Cloud Trust Authority are definitely placing their bets. We'll really start to see movement as more application vendors open up their authentication to federation and companies start to see the real cost savings.
One thing I know is a strong bet about next year's RSA conference - it will be rainy and chilly in San Francisco.
*All views and opinions expressed in ESG blog posts are intended to be those of the post's author and do not necessarily reflect the views of Enterprise Strategy Group, Inc., or its clients. ESG bloggers do not and will not engage in any form of paid-for blogging.