Mark Twain once wrote that the coldest winter he’s had was a summer spent in San Francisco.
Good thing we came in the winter, and even better that we attended the annual RSA conference – it was anything but cold. In fact, it was sizzling hot, almost to a boiling point when the water starts to bubble. In many ways the two adjacent, huge conference halls of the Moscone center felt like a giant pot left to boil and waiting to explode. Everyone who’s anyone was there, and then some hundred others you haven’t heard of. From the Industry Giants, who populated the north hall with huge booths, some two story tall, with the complimentary raffles (all offering mini iPads to the lucky winners) and booth babes, to modest small booths on the south side hosting some lesser-known start-ups company. The conference provided a terrific vantage point to view the current state of the industry. To summarize in one sentence – big and growing fast. This year’s expo was almost twice the size of last year’s, with close to 400 companies participating, many more companies “visiting” (or suitcasing) and thousands of visitors. And there is also great variety of products and offerings, almost to a point where the exhibition floor felt like a Middle Eastern bazaar… and the hustle bustle was not limited to the conference site, it was felt in a two miles’ radius, where every hotel, restaurant or bar was stuffed with RSA conference badge wearing folk, talking, having business meeting or just partying the night away.
Prior to the conference there was a bit of negative buzz and calls to boycott the conference due to RSA past involvement (according to Snowden) with the NSA, and some keynote speakers even cancelled their participation and opted to talk at a competing, non-mainstream event called Trustycon (also taking place at San Francisco at the same time). If people actually avoided the RSA due to this controversy, it went unnoticed – there were thousands of visitors who participated and enjoyed this event.
It was difficult, but we were able to identify several prominent trends from this mayhem.
Investment and Consolidation Craze
There’s definitely a feeling of “big fish eat little fish “, where entrepreneurs are being seduced by VCs, smaller companies being snatched by bigger ones, and medium companies being swallowed by the behemoth of the industry. Almost everyone we’ve talked to was either after raising some capital, after opening a US office or prior to meeting a potential investor. There’s some money on the floor and everybody wants a piece of the action. I attribute this both to the herd mentality of VCs (and investors alike), and the fact that in the last year the cyber security industry has become much more accessible to the general public in terms of understanding the needs and solution types required (some of which are yet to be developed).
Threat Intelligence and info Sharing Platforms
We should look outside and understand the type of threats which are out there. Also, information sharing would be a good idea. So why not combine the two an offer a platform where different threat information could be pushed and distributed to customers? Sounds almost obvious, but we are only now seeing a more mature view of the industry on what threat intelligence is and how it should be aggregated, filtered and disseminated.
Sure, cloud is THE trendiest of them all. And with it come acute security challenges and possibilities. So there were many companies offering solutions for securing cloud applications, and, on the other hand, many offering cloud based security solutions.
Again, not terribly difficult to predict that mobile and BYOD would be a hot topic. And there were myriad solutions for the mobile world. In fact, it has become almost impossible to distinguish between the different solutions, and too many companies appeared to be doing the exact same things. I assume it will take this segment of the industry several more years to reach maturity and allow clarity regarding solutions types and their merit (also safe to assume that mobile solutions companies will be quickly snatched by larger, more established companies to enrich their portfolio and provide a more holistic security approach to organizations).
Industry and US Centric
Kind of superfluous, but needs to be said – this event is very much industry centric, with few customers (or potential buyers) compared to industry participants. Also a very much US centric, which is not surprising, since the main bulk of the industry resides within the states. Notable non-US exhibitors were Germans and Chinese (each with a pavilion) and off course the Russian giant Kaspersky Lab (the only exception to this was the extremely high concentration of Israeli companies, which comprised a whopping 15-20% of exhibitors, and many of the visitors).
I hope these characteristics will erode over time, as the industry needs to open up more to the public and obviously there is a huge global market for cyber security solutions outside the states.
As for us, we did not invest in a booth but rather roamed the halls, trying to meet as many potential partners and sales channels. I gotta say we’ve met some terrific companies, some with very similar views to ours and hopefully we will be able to forge some alliances very soon and attack the US market.
And a final word- what was the greatest gadget on display? It was a small wooden box, semi analog and over 60 years old. Yes, there were two original Enigma deices on display, which attracted many more visitors to the booth displaying them (one of the belonged to the NSA) than any booth babe.