First, a disclaimer. I attended two days of the RSA conference this week and saw and interviewed several vendors. Interviews by myself and others were videotaped and will be available soon. However, the sheer number of exhibitors and others was tremendous. I am sure I did miss some of the great technologies and vendors. But below are my impressions.
Crowd at the registration area.
It goes without saying that security plays a great role in almost every product segment. This industry is growing even though many technologies come and go. Two noteworthy trends are mobile and ID management. Mobile, along with cloud computing, is one of the few areas where IT shines. Security of mobile computing means different things to different people. A company like TeleSign uses a mobile phone to verify identity for network access, while Mobile Active Defense coined the term mobile device security management (MDSM), claiming that the security services covered by the blanket term mobile device management (MDM) do not protect your mobile phones enough. In addition, Echoworx provides an encryption technology for mobile phones like the iPhone. I was behind the curve in not knowing how powerful the iPhone’s processor is. It has enough power to encrypt/decrypt on its own platform. And their app can be downloaded OTA easily. They allow encryption on both communications and data storage. It is interesting to observe that people who had been using a cell phone and moved to a smartphone do not seem to realize a smartphone is really a small computer with all kinds of security breach possibilities. Those of us who came from server and PC environments may feel constrained on such a small platform, but we are well aware of the security threats of mobile computing.
The second noteworthy trend I saw, ID management, is of vital interest. We get online using multiple IDs to access many different sites. I am sure I have more than 20 IDs of my own for work and personal use. I, for one, cannot remember all the IDs and their associated passwords. It would be a nightmare for an enterprise with many employees having multiple online accounts for different clouds to manage such a huge number of IDs. As we talk about hybrid clouds, people want to have a single ID to seamlessly access any cloud they use. BeyondTrust provides privileged ID technology applicable to physical and virtualized environments, including cloud computing. I did not have a chance to drop by Symplified, but they seem to have a good solution.
We need a robot at any show!
Other companies, like Fortinet, Solera Networks, MokaFive, Akamai, and Zettaset, were also very interesting. I plan to blog on some of the companies mentioned here. Fortinet provides unified threat management (UTM) appliances. In the mid-1990s, I ran a division of an international company that developed and marketed a turnkey firewall and VPN box (a UTM appliance, in today’s terms), running a PC version of Unix (no, it was not Linux; there was such a thing then). Now hacking is more sophisticated and network speed is reaching 40 G and 100 G. Affordable yet easy-to-use appliance solutions are a must for any size business. Solera Networks has a technology to monitor high-speed network flows and detect anomalies by using their analytics. Andrew Brandt was very knowledgeable. We retook the interview because the first was a bit too long and too detailed. Actually, I liked the first better and appreciate his profound knowledge. MokaFive was founded by four researchers from Stanford University and Vinod Khosla, who makes five. Virtualization on the desktop is behind server virtualization. Incidentally, the server virtualization pioneer, VMware, has its roots at Stanford. Mendel Rosenblum is an associate professor there and one of the founders of VMware. They provide a copy of the virtualized environment on a central server, and each desktop runs it. In this way, they avoid complex agents and copying each update from the server. Can they be the next Sun, Yahoo, VMware, or Google? That remains to be seen.
Unfortunately, I did not hear a word about energy conservation or technologies along that line. Only remotely related was yaSSL, which provides security (SSL) for embedded environments. The embedded platform by necessity makes their footprint and resource requirements extremely small. We are talking K not M or G at all. If we are consciously saving the consumption of resources in embedded environments, why not apply the same mental frame to other platforms? I would like to revisit the idea of Energy Star for software, which no one gets except Jose Iglesias of Symantec.
Finally, my sincere apology to the GreenSQL people. Because of our internal miscommunication, we missed an appointment with them. They are a SQL firewall company, and their product protects MySQL and Postgres databases specifically. As hacking and attacks get more sophisticated, we may need a specialized firewall for each application. I do not know, but something like a SQL injection attack may be hard for firewalls to detect at corporate entry points.
More to come. Stay tuned!