It's nearly time for that annual spring ritual: the RSA Conference at the Moscone Center in San Francisco. ESG data tells me that, despite the recession, global organizations continue to spend on security products. So I expect another good show, though I do anticipate that the $500 kegs of Heineken at vendor booths will be omitted or replaced with Bud Light.
With the show less than a week away, here is the buzz I am anticipating. For this year, I'm including my hyperbole-to-reality ratio in my assessment.
Server/desktop virtualization security. (High hyperbole/low-to-medium reality). Security professionals are frightened by the prospects of virtual server sprawl but most server virtualization implementations today are pretty elementary. It's important to anticipate--not hype--these security requirements.
Security virtual appliances. (High hyperbole/low reality). Instead of shipping a white box Intel server pre-loaded with software, many vendors now offer the same thing pre-configured to run as a Virtual Machine on VMware ESX. Good for IT operations but to me this is like taking pride in the fact that you distribute software over the Internet rather than shipping CDs.
Cloud security. (High hyperbole/low reality). I'm actually participating in an effort with other security folks to help define what's needed for cloud security. Since we are just figuring this out, I don't think the time is right for cloud security products.
Conficker. (High hyperbole/high reality). I'm actually very intrigued and somewhat frightened by the sophistication and evolution of Conficker. That said, Conficker is just the latest example of a "blended threat" that we've been talking about for years. Lots of vendors will claim that their product detects or prevents Conficker but those claims are kind of lame and represent what's still wrong with the security industry. Conficker demands, coordinated defense-in-depth, good security intelligence, and IT operations processes. No product that I know of offers all this.
Data-centric security. (High hyperbole/high reality). Yup, confidential data is leaking out of organizations like Niagara Falls but, again, no single product can stop it. Will any vendor talk about a confidential data security architecture, best practices, and training? I doubt it.
The merger of desktop security and desktop operations. (Low hyperbole/medium reality). These two disciplines live in separate IT silos but they are coming together like peanut butter and chocolate. McAfee, Microsoft, Symantec, and Trend Micro get this but users are still a bit behind so I don't expect to hear much.
The merger of identity management and security. (Low hyperbole/high reality). This is another union I fully expect, and users do get that identity and security management go hand-in-hand for business process enablement and compliance. The buzz around this will be subdued however since there are but a few strong identity management players like IBM, Microsoft, Novell, Oracle, and Sun.
Cybersecurity. (High hyperbole/high reality). The whole crowd in San Francisco next week is waiting to hear Melissa Hathaway's recommendations to President Obama regarding the review of federal cybersecurity programs. This will give us something good to talk about at all the cocktail parties.