John Pescatore

A member of the Gartner Blog Network

John Pescatore header image 2
RSA Conference Day 1 Whither Mobile Malware?

Last Day at RSA

April 23rd, 2009 · 2 Comments

Wednesday morning I was on a panel about the state of the information security business – you can see a summary here.  I’m always struck by how people want to either treat information security as just like any other technology business, or as totally different from every other technology business. Of course, it is really at neither extreme – it shares many of the basic business drivers of every market (read: sellers who want money, buyers who have money) but in many ways operates very, very differently than other IT markets.  The key is understanding those unique aspects.

Sarah Friar of Goldman Sachs moderated the panel, and these types of talks are mostly attended by financial firms and vendors (read: investors who have money, businesses who want money.) I had lots of side conversations after the panel and there were the usual two common threads:

  1. When will everyone “get” security (read: spend waaay more on my product, or pay waaay more to buy my portfolio company)
  2. When will the cataclysmic event happen that will cause everyone to “get” security? See point 1.

These, of course, are exactly the wrong questions. The right questions are:

  1. What are the security problems people have that I solve better? (read: more effectively)
  2. What are the business problems that my security solution can solve better? (read: more efficiently)
Imagine if Apple built a cookie cutter MP3 player or cell phone and then said “when will people “get” portable audio or cell phones?” 
The rest of the day was formal meetings and informal meetings and schmoozing and then a dash for the airport. Broad range of topics in my various “hallway design reviews” with folks. On the vendor side, lots of trying to figure out how to surf the “cloud” hype wave. On the user side, lots of talk (mostly PCI-driven) around encrypting stored data, and dealing with targeted attacks – I was on my botnet soapbox fairly often.
I try to stay away from vendor-specific comments in a Gartner blog, but I’ll try to post some thoughts on vendor booth-land, but today I’ll leave you with a photo of what roving photographer Vic Wheatman decided was the most interested booth at the show:
  
Whenever a vendor uses the word "holistic" in a briefing, I automatically substitute the word "imaginary"

Whenever a vendor uses the word "holistic" in a briefing, I automatically substitute the word "imaginary"

Share:
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • LinkedIn
  • MySpace
  • NewsVine
  • Slashdot
  • StumbleUpon
  • Technorati

Tags: Uncategorized

2 responses so far ↓

  • 1 Doug McLean // Apr 24, 2009 at 1:36 pm

    I attended the panel and thought it was remarkably good this year. Sarah kept it moving pretty rapidly and you all covered a lot of ground. The other thing I noticed about RSA this year (but, it’s only my fifth) was the increase in sessions about public sector cybersecurity. It’s probably a function of the breaches we’ve seen in the last year and the “excitement”, if that’s the right word, about the President’s 60 day cybersecurity review. The timing was a little unfortunate, however, as all Melissa Hathaway could say in her keynote was, “We’re done, but I can’t tell you what we reported…yet.”

  • 2 John Pescatore // Apr 24, 2009 at 3:02 pm

    Glad you enjoyed the panel. The amount of federal content at RSA goes up and down but I agree this year (like in 2002) there seemed to be a lot – mainly because all those security vendors are looking to see if the government spending will start shoveling money towards security!

Leave a Comment