RealTime IT News

RSA: The Great Big Security Meat Market

Reporter's Notebook: The more I have time to reflect on this year's RSA conference, the more I come to think of it as a big meat market. Sure, the bigger companies are showing up to tout their wares, but there was also a whole lot of checking out of smaller vendors going on.

This practice, of course, played well to a keynote offered by Art Coviello, executive vice president for RSA. Coviello should know; EMC bagged RSA last year.

Citing the increasing integration of IT security products with nuts-and-bolts IT infrastructure, Coviello predicted "an end to the standalone security industry within two to three years with the exception of a few innovative startups."

Coviello's claim dripped with irony and screamed for context. Understand this is a man who spent several years hosting his company's conference, talking about how important security providers are in the grand scheme of IT.

Funny thing is, security providers got so important that the EMC's, IBM's (ISS) and BT's (Counterpane) of the world felt they had to buy them.

This, of course, begs the question: what has RSA become but one big meat market for hungry IT vendors looking to gobble up security providers?

In an interview after the show, Coviello told me his prediction had elicited some interesting questions.

"Somebody asked if this trend means this is the end of the RSA conference. I said 'no, you'll have the innovative startups and infrastructure vendors still going to the conference,'" he said. "But at some level, a lot of those innovative startups will be outsourced R&D for the infrastructure companies that need to cobble up those technologies to the extent they haven't developed them themselves."

The takeaway? IT security is red-hot. Indeed, Coviello told me some 360 exhibitors came to strut their stuff at the show, roughly 60 to 80 more than last year.

So why is, as Coviello explained in his keynote, integrating security into products becoming the norm for IT infrastructure vendors?

The bottom line is sophisticated crimeware has CSOs and CIOs scared stiff. Having security built directly into the products may provide some piece of mind for enterprises worried about highly-targeted phishing, identity fraud and social engineering attacks.

Or, at least it provides the illusion of safety. Like throwing the extra wood brace on the cabin door to keep out a one-ton grizzly bear who hasn't eaten in weeks.

Because these days, cybercrime is propelled by profit. And we must never underestimate what people with a little knowledge might do for money. Coviello cited an IDC study that pegs the black market for procuring fraudulent identity is hurtling toward $1 billion.

One billion clams just for the identities? Ladies and gentleman, please board your life boats. This Titanic we call the Internet is going down.

But seriously, Coviello believes that if companies don't become more strategically relevant to their customers they risk being commoditized out of the business.

Fair enough. But I'm not playing Nostradamus today.

Wouldn't want to suggest that Symantec could use Watchfire or SPI Dynamics for some application scanning or even that RSA should buy a data leakage prevention provider like Ingrian Networks or Vormetric.

But Coviello did say publicly that RSA sees great value in data leakage prevention (no argument here) and will fill the gap in its platform with a buy or build.

Build?! Who does that anymore?!? Why build it when there are all these cool companies out there to pick up? To Art, I say buy a vendor or two, or three, and help fulfill your latest RSA prediction.