« Annual ABA ISC+EDDE Meeting After-Report | Main | RSA 2010 - Day 1 Round-up »

RSA 2010 - Innovation Sandbox: Not Really Innovative

Where has all the innovation gone? I was very much looking forward to talking to the startup vendors selected as finalists for this year's Innovation Sandbox at RSA. After last year, I suppose I should have set my expectations a little lower, although realistically it would have been impossible to set them low enough to avoid some level of disappointment. Because, quite honestly, I was quite disappointed.

Of the 9 finalists, 6 had "cloud" point solutions, largely targeted to the hypervisor, with one that did some funky inline crypto stuff that made me wonder. 2 finalists had "new" authentication approaches, which were sort of interesting, but they didn't solve the larger problems with authentication. The 9th finalist was also potentially interesting in that they provided a nice visualization dashboard for risk management, but the biggest downside was that all data had to be independently entered. There was no integration with any GRC products, and so while it looked pretty, it wasn't overly sensible. So, yes, I was a wee bit disappointed.

A Theory...
So, I have a theory about why things seem so stale. Quite simply: there are no technology solutions that can solve people/org theory problems. We have an evolutionary gap in terms of how we, as humans, detect and respond to so-called threats that don't actually threaten us physically. We as a race have well-adapted capabilities (fight or flight) for detecting and responding to physical threats, but there's really no analog corollary for digital threats.

Sure, there are other areas where there is room for improvement. Compliance management (the balancing act that is only going to get more difficult as regulations increase exponentially), documentation+records management (think legal compliance, eDiscovery, and so on), and then of course all the normal operational security challenges we deal with on a daily basis (IAM, change mgmt., config mgmt., yada yada yada).

Now, where there is definitely a need for innovation is a leap forward. Unfortunately, I don't think we'll see that until humans catch up. Until then, it'll just be another day at the office...

TrackBack

TrackBack URL for this entry:
http://www.secureconsulting.net/MT/mt-tb.cgi/1005

Listed below are links to weblogs that reference RSA 2010 - Innovation Sandbox: Not Really Innovative:

» Reflecting on RSA 2010 from The Falcon's View
Not to be outdone by Anton, I thought now was probably as good a time as any to finally sit down and knock out some of my quick reflective thoughts on the week+ of RSA 2010. For those who don't... [Read More]

Post a comment

About

This page contains a single entry from the blog posted on March 2, 2010 12:44 PM.

The previous post in this blog was Annual ABA ISC+EDDE Meeting After-Report.

The next post in this blog is RSA 2010 - Day 1 Round-up.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.