Perspective: Where's the security leadership?

This year's RSA Conference was another opportunity for the security glitterati to shine.

The event, which attracted a record 13,000 visitors, also was a testament to how hot the security market is.

As for me, I got a chance to walk the floor, meet top security companies and listen to a number of keynote speeches. I heard a lot of hyperbole and security dogma. Some vendors surprised me with their clarity of vision, while I was baffled by the hype and confusing messages of others.

Based on these conversations, I've taken the time to grade the vendors, based on my own subjective criteria.

A: Symantec. Wall Street still may not get the Veritas Software deal, but CEO John Thompson showed that he is a leader with chutzpah. He not only stood up to endless questions about the new Microsoft security offerings, he also described an integrated "risk management" vision where Symantec products and services work in concert to protect critical assets.

Symantec's booth also offered a potpourri products, demonstrating that it's more than just antivirus company.

B: Check Point Software Technologies. The firewall king has a fantastic product lineup, offering full integration into its Smart management tools. Nevertheless, Check Point seems to be at a crossroads. It needs to outgrow its "firewall-only" roots, sell security solutions and take the business to the next level. Large customers I spoke to haven't seen this happen yet.

Also, where was Gil Shwed? I certainly believe that Gil's industry status make him a natural keynote speaker for this event.

B: RSA Security. You've got to hand it to Art Coviello's gang. The conference is still a marketing bonanza for RSA, a relatively small $307 million company. This year's focus on identity and access management also helped boost RSA's position. But Wall Street remains unconvinced. The money guys believe the company relies too much on revenue from low-cost security tokens--a commodity market. RSA says that its tokens are a key part of security solutions that offer customers higher ROI than competitors do.

If you peel back the emotion, you also see that Microsoft really "gets it."

Maybe, but stock market types say this sounds a lot like the rationale Digital used to offer about its money-losing PC business. Adding fuel to the fire, RSA decided to abandon its historical practice of publishing token sales and average selling prices on a quarterly basis. RSA's logic makes sense to me--but it's never good when investors are scratching their heads.

B: Microsoft. Forget Bill's two-hour Windows commercial for a second. Microsoft's giving away anti-spyware? Minimal impact on Symantec and McAfee franchises, but I'd hate to be Webroot.

If you peel back the emotion, you also see that Microsoft really "gets it." The biggest threat to the industry is Microsoft's plan to integrate security with operations and administration tools--a powerful combination. Bill's company would get an "A" grade, except for one huge obstacle: Security people view Microsoft as a natural enemy. Changing this situation is bound to take a while.

B-: Computer Associates and Novell. I grouped these two together since they both play in the identity and access management piece of security. CA's message is good, and I truly believe CA has a comprehensive product portfolio, but there is an underlying sadness in Islandia that may take a while to overcome.

Novell's identity vision blew me away, but technical vision has never been in short supply in Provo. I still need to see some enterprise wins outside the old "red box" market before I drink the Kool-Aid.

B-: McAfee. Good products and great vision, but investors are hung up on the CFO change and impending financial results. This put a dark cloud on an otherwise sunny presence.

C: Cisco Systems. I didn't get Cisco's whole approach to RSA. First, it reannounced a bunch of products and acquisitions that didn't fool anyone. Then, John Chambers did his keynote speech, which reminded me of Khrushchev's "we will bury you" speech at the United Nations, presented with a hospitable southern accent rather than a banged shoe.

I didn't get Cisco's whole approach to RSA.

I have no doubt that Cisco will continue to expand its security footprint, but it needs to do a better job of putting the pieces together into a cohesive story, instead of flexing its PR and acquisition muscle and saying nothing in the process.

C- (on a curve): Internet Security Systems. This company continues to mystify me. It just completed its most successful year ever and has some growing products, but its "boil the ocean" strategy reminded me of IBM's infamous Systems Application Architecture, circa 1990. Remember? Everything was going to fit together from MVS to PS/2--only it never worked. If IBM couldn't use its vast resources to integrate its systems, what chance has ISS? I'd like to see a bit more realism and humility out of ISS next year.

I spoke to lots of others at the show: users, vendors, investors and venture capitalists. All were impressed with the size of the event, but most people judged the RSA Conference with two words: "nothing new." I share this feeling, so the companies I rated highest presented a prudent, business-centric and realistic view of security and themselves.

Security never will be sexy; it is about protecting assets from malicious attacks and accidental damage. Someone should spread this word around.

Biography
Jon Oltsik is a senior analyst at the Enterprise Strategy Group.

More Perspectives

Where's the security Leadership?

You do not mention "trusted Computing " in your article. I beleive that this will be the outstanding force in Security over the next year. All the major players are deeply inbeded in the standards and are making it happen with or without the Symantics of thi world. Any security article at this point should span into trusted computing as it is the future of security.


please do not post my E-mail address or name.

[regan73]

Dead on Demand - The Ultimate Data Security Solution

Ensconce Data Technology, creators of ?Dead on Demand? a unique solution to the Total Destruction of Digital Data Beyond Forensic Recovery!

Please read the following press so you may get an idea of what we have announced: <http://www.seacoastonline.com/news/01272005/business/61336.htm



"Dead on Demand" (DoD) Technology was conceived and developed to provide consumers, military, state and local governments with protection against unintended or unwarranted release of data from a Hard Drive. Consider the fact that this year alone, 260 million Hard Drives will be shipped without any means for permanently destroying private data to the microscopic level. In the cases of theft or unwarranted release, current known methods are not an option, as the data on the Hard Drive is already in the hands of the wrong person.



Ensconce Data Technology has successfully completed two years of documented research and testing with the following objectives in mind:



The process must destroy all hard drive data, permanently, with no recovery process possible;
The technology must be easily integrated into existing hard drive manufacturing processes or be easily installed into any existing P.C.;
The process needed a wide variety of simple to use interfaces that would trigger the destruction sequence on demand; when necessary, it can be done remotely.
The process must not inflict any collateral damage to the remainder of the computer or the surrounding area.
The process must be physically and environmentally safe.
The process must be superior to current hard drive data security technologies using software removal or physical destruction.