
RSA 2010 - Day 1 Round-up

It's already Wednesday morning, which means the first full day of RSA 2010 is in the can and quickly receding into the past. Overall, things are fairly status quo again this year. Sessions galore, vendor keynotes, and a busy expo floor. This last point is perhaps the biggest difference from 2009 in that the expo floor is, in fact, quite busy. My impression is that a lot of realistic networking and lead generation is happening this year.

Before I hit themes, one tidbit of interest. I spoke with a couple guys from Boston who specialized in financial fraud. One of the fellows had calculated the cost of doing a wholesale revamp of the card infrastructure to be about US$12B. That is far more than the card brands are eating in fraud costs today. Moreover, today the merchants bear most of the fraud burden, whereas the cost of a complete infrastructure overhaul would be primarily borne by the card brands (although these costs would obviously be passed along to the banks, merchants, acquirers, processors, customers, etc.).

There seem to be a couple subtle themes this year. Cloud computing is of course very prevalent, but it's far less "in your face" than last year. A lot more vendors seem to be realizing that "cloud" is a tool, not a destination or silver bullet. This observation seems to suggest that a reasonable degree of sanity may be returning to PR and marketing, if only for a short time.

Another subtle theme is the adoption of the survivability mindset. Increasingly, vendors and businesses seem to really grok that there is no such thing as 100% (or absolute) prevention. This realization leads immediately to the next step, which is saying "what are we doing to help improve our ability to recover from an event?" I had an excellent conversation with Tripwire, in particular, where we talked extensively about how we can tackle this challenge and how the sales pitch, as well as product development process, is evolving to better meet this reality. It seems that all the hype over Advanced Persistent Threat (APT) has helped move the needle on this issue, too.

The other big part of Day 1 was the parallel start of Security BSides San Francisco. I was able to spend the morning out at the BSides venue, pariSoMa, in order to sit through some very interesting sessions from industry luminaries like Andrew Hay, Marisa Fagan, JJ Jabbusch, and Michael Santarcangelo. Unlike the formality of RSA panels and presentations, BSides seeks to provide an informal venue for interactive collaboration between presenters and participants.

Day 2 is now underway as I post this update. I will be sitting in on a few Law sessions, hope to see the big federal talking heads keynote panel in the afternoon, and will be catching up with a few key vendors on the expo floor.


About

This page contains a single entry from the blog posted on March 3, 2010 12:15 PM.


Creative Commons License
This weblog is licensed under a Creative Commons License.