John Pescatore

The RSA Conference has followed a standard format for a long time now. The first couple of hours are talks by the major vendor sponsors and then comes the Cryptographer’s Panel, for me always the best part of the show. Like most years, up on stage are Whit Diffie and Martin Hellman, of Diffie-Hellman fame; the R (Ron Rivest) and S (Adi Shamir) of RSA fame; and cryptographer Bruce Schneier. Back in the day, the moderator of the forum used to be Peter Neumann of Risk Digest fame, but in these more commercial days the moderator is usually someone from RSA – this year it was Ari Juels of RSA Labs. Ari was fine, but to me Peter Neumann was sort of the Tim Russert of this kind of thing.

(I hope my wife never finds this blog – I can  just hear her snorting as she reads me talking about fame and comparing security people to Tim Russert…)

I enjoyed the Cryptographer’s Panel even more back when it was actually about crypto, but ever since AES came out it seems like the discussion is usually more about security and government policy in general, rather than particulars of crypto. Rivest and Shamir and Hellman tend to bring the discussion back towards crypto occasionally, but the discussion overall is usually fun and interesting – I used a quote from Shamir for yesterdays blog post. I would really like to hear their take on what has to happen to make encrypting stored data routine, and some of their predictions on what the next breakthrough in cryptography will be.

I spent the rest of the day at the show either in meetings or walking the trade show floor. The number of vendors on the floor seems to be down a little bit but not all that much – the security market is alive and well. All the usual vendors were there, a few trends:

• Just scads of vendors selling various forms of two factor authentication. Most of them seemed to have deployment examples outside the US – the password is still king in North America.
• Increased presence of small (and some large) Asian vendors – this will be one of the big trends of the future, I believe.
• Lots of “as a service” delivery options – another trend we’ve talked about in Gartner security research for quite a while.

Now, it may be just due to my getting old and having an 18 year old daughter, or it might just have been because of the abnormally hot weather (90 degrees! the actors hired to flog products in the booths were sweating bullets) in San Francisco this week, or it might just be a sign of the “maturing” of the security industry, but another major trend was a major increase in the booth babe count and cleavage level. I think it is really more of a misguided reaction to market conditions. 

I remember back when I worked at Trusted Information Systems and we were acquired by Network Associates in early 1998. The old Network Associates believed in old fashioned “sex sells” sales and marketing, and was running a commercial of a scantily clad singer writhing on a piano (a la Michelle Pfeiffer in “The Fabulous Baker Boys”) while a hacker robbed the distracted audience. We tried to convince them that the security market was changing, but they wouldn’t listen – they found out the hard way. I think we are at a similar change point in the security market, as the threats (both from bad guys and from rapidly morphing business processes and technologies) change – I don’t think the sales tactics for commodity markets will win out here.

Today I’m on a panel, then more meetings, hopefully a bit more trade show floor time then on a pink-eye flight to get back to the east coast. Maybe I’ll buy Ari Juel’s new novel to read on the plane home…

Submit a Comment »

Category: Uncategorized     Tags:

Share