RSA 2009: A yawner at best
In my humble opinion, the RSA 2009 security conference, held this week in San Francisco, was extremely flat compared with past years. Yes, the economy had a lot to do with it. I believe last year's attendance was around 17,000 people, and I've heard that this year was off about 12 percent to 13 percent. Personally, I can't believe there were more than 10,000 folks there.
Beyond economic woes, however, RSA 2009 was still rather lifeless for a few reasons:
The speakers. The keynote speakers really had nothing new to say. This was especially troubling because the lineup looked so strong. Unfortunately, the most disappointing speaker of all was President Obama's cybersecurity point person, Melissa Hathaway, who read from a script and said next to nothing about her cybersecurity research effort. Hathaway underwhelmed an audience of security professionals, missing an opportunity to bond with a constituency whose support is critical to her success.
The topics. In the past, there was always one topic at RSA that grabbed everyone's attention. Not this year--same old tired stuff.
The vendors. I'm now convinced that most security vendors have no conception of what their customers need. Vendors pitch point technology solutions while users are crying for help to secure their IT-based business processes. There are really only a few security vendors that recognize this. I can't overstate how much this disconnect alienates the security community.
I was certainly pleased to see the active discussion around cybersecurity and public-private cooperation, but even this fell flat. Too much boring rhetoric and nearly no action.
It's time the security industry recognizes a few realities. First, the whole term "security" is a misnomer. The real goal here is risk management. Second, users don't want security technologies, they want solutions based upon the old IT triad of people, process, and technology. Finally, reducing risk has to go hand in hand with business process enablement. In other words, make the business agile and secure.
What do I expect for 2010? I'm pretty cynical and a bit frightened at this point. If the security industry can't understand the relationship between business processes and risk management, we are all in trouble.
Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET. 




Yes, the conference overall was disappointing from a corporate user/buyer perspective. We heard similar figures on attendance but given the keynotes and exhibit floor I also believe attendance was around 10,000. The RSA event has really become a forum to meet partners and explore strategic, reseller or co-opetitive relationships. Most folks I met that were in business development roles did not have time for lunch, let alone yawn -- for partner meetings you can't beat this event. However, exhibit traffic was pathetic -- we were down 50% from previous years. And there were noticeable no-shows on the floor including Adobe and Verdasys. Many of the keynotes were flat and content-free. I also expected much more from Hathaway's presentation: she read it as if we were six-year-olds and she was putting us to bed.
Good news: there are technology and solutions available that represent game-changing opportunity for this industry and deliver on the promise of information-centric security; yet, they continue to be relegated to nothing more than a footnote in many of the discussions. Yes, Jon you know what I'm talking about :-)
- by Baer April 27, 2009 1:03 PM PDT
- Just another Obama appointee who is not up to the task.