It was obvious to most that traffic on the expo floor just wasn't what it had been in previous years. I too heard rumors that attendance was down between 12-13 percent, but agree that it felt like more than that. Not a surprising statistic when even the largest employers continue to announce layoffs and budget cuts. I was also struck by the lack of the 'new, new thing'. I generally spend time walking the expo floor, looking for interesting start-ups that I haven't heard of before which have an intriguing business model and I walk away saying 'I wish I'd thought of that'. They tend to have the smallest booths and are stuck in a back corner but make up for their lack of marketing muscle with a great new product or service. This year however, I walked away disappointed. Perhaps I was just too busy to spend adequate time at the expo, but I suspect that we're seeing the effects of the now well publicized drop in investment capital. While that's bad news for those seeking funding, it's welcomed by those that have managed to find required cash as they're likely to face less competition.
A Silver Lining?
I expected heading into the conference that 'cloud security' would be the catch phrase that would rule the day. Looking at the various product launches and flipping through the program guide it seemed as though everyone wanted to ensure that they were associated with 'the cloud' in some shape or form. A full 23 presentations dealt with cloud security. It was also clear that there's plenty of confusion surrounding what the cloud really is. The term 'Cloud Security' is also causing confusion as it is being used interchangeably to describe both the security requirements of generic cloud computing initiatives and security services delivered in the cloud. Perhaps companies such as Zscaler should stick with 'Security as a Service' to describe what we do. Fortunately, industry initiatives, such as the Cloud Security Alliance (keep reading) are emerging to help define this emerging space.
I'd like to thank Dave Cullinane (eBay), Arun Singh (Wipro) and John Ryan (IBM) for participating on my panel entitled Silver Lining: Debating the Merits of Cloud Security - A Customer Perspective. All three panelists are to some degree both consumers and producers of cloud security services so they brought a wealth of knowledge to the table. It's clear that Security as a Service offerings have a great deal to offer, especially during a recession but the race has only just begun. Customers, while accepting of the tradeoffs inherent in a cloud model are demanding powerful functionality and a low price point. It's up to us to deliver and for those that succeed, there is no shortage of demand. Our CEO, Jay Chaudhry also participated in a great panel on Cloud Security, which turned out to be standing room only.
On Wednesday, Jim Reavis officially launched the Cloud Security Alliance (CSA), a non-profit organization that is bringing together some of the best and brightest in our industry to help define cloud security. The CSA mission statement is to "promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing". I'm honored to be one of the founding members and to have contributed to the initial content including the Security Guidance for Critical Areas of Focus in Cloud Computing document released at RSA.
And what RSA would be complete without the plethora of parties to wine and dine prospects (or perhaps to just get rid of a little funding). I'm pleased to say that the recession did not seem to dent the enthusiasm of the party organizers. Two of my personal favorites were the WASC Meetup and the Security Blogger Meetup. While the vendor parties are great, nothing beats the chance to share war stories with industry colleagues over a few beers.
'til next year!