Thursday, April 30, 2015

Disruption in Security Industry -- Reflection on RSA 2015

RSA 2015 was one of the best technology conferences I have been to in recent years. Here are my top 3 observations:

Public admission that "the perimeter is gone".
    • Make no mistake about it, much of the security industry is still selling the "perimeter" boxes at the show big time, but I am nevertheless impressed by the public acknowledgement, by the likes of RSA, Cisco, and CA, of the notion that "the perimeter is gone".
    • Perhaps the perimeter's existence is a fallacy to begin with, but it takes a lot of courage for the "traditional" vendors to come forward and admit it.
    • “The largest enterprises with the most sophisticated, ‘next-generation’ security tools were not able to stop miscreants from making off with millions of dollars, personal information, and sensitive secrets and damaging reputations,” Amit Yoran, the president of RSA, said in his keynote speech Tuesday.   
    • Amit's statement is profound and reflects the awkward state of the current enterprise and data center. Disruption in security is about survival for the customers!
Amazing energy and advances in "cloud security".

    • The energy is definitely moving away from on-prem solutions (remember the days, not long ago, when DPI was the biggest show-off moment?) and more toward solutions taking care of SaaS, public cloud security, etc.
    • One simply cannot take the on-prem security architecture to the cloud. Disruption in security is about architectural necessity.  
"Security DevOps" ain't just a dream.

    • I would have thought the security team would be the last one to embrace DevOps/agile, but it is safe to say I underestimated the progress so far.
    • The Intuit guys blew me away with their learnings through DevSecOps.
    • Silos prohibit sharing and slow business down. The disruption in security is as much about a mentality shift as about technology transformation.