RSA 2016: So Cool, and Yet So Confusing

RSA is a huge event for the info security industry. With 40,000 attendees and all the major security ISVs, equipment manufacturers and IT service companies gathering (and spending millions of dollars in the process) there is no doubt that information security is top of mind. 

Over the course of this past week, several thousand attendees (and more than a few press and analysts) stopped by the Centrify booth to pose with our half-protected heroes, have a conversation with us about their security concerns and learn a little more about Centrify. As another week of RSA wraps up I thought I would highlight one profound impression and one big observation.


Profound impression: Security products, once sold to network administrators and first level IT managers, are growing up. Increasingly, security technology companies are targeting CIOs and CISOs with their messaging and features. No doubt this is due to the extremely high profile attacks in the past couple of years that has C-suite, board members and investors paying very close attention to security. Purchasing security products is no longer a means to quick win to mitigate a nagging compliance finding. Instead, security is now clearly a business issue and not just a technology issue.

There is also a ton of confusion among attendees (and press and analysts) as to what products and features are necessary and effective at stopping (or at least greatly mitigating) these devastating and unrelenting cyberattacks. Chief among the questions that I fielded all week was “how are you different/better than vendor X or Y or Z?” At first I simply assumed that the person asking knew what they were looking for and was shopping for the best ratio of features and price for their needs. But as I dug deeper it was clear that there were a lot of confusion and assumptions about requiring many different products to protect each and every user community and resource silo in the enterprise; that there is simply no common approach to stopping cyberattacks. 

I was very much reminded of a shopping trip to the grocery store where you have to assemble the ingredients from a 3rd party recipe and then assemble (integrate) them into on cohesive meal and pray that you got it right before the guests show up. In this analogy you might find yourself comparison shopping for multiple security products such as a solution for managing identity, another for single sign-on, an MFA solution, a big data security solution, secure remote access products and an enterprise mobile management solution. Each of these solutions might have a different flavor if whether you are dealing with your employees, partners or customers. Then assembling these security “ingredients” may require expensive integration services and may still leave gaps or blind spots. The point is:

Big observation: There are simply too many security products on the market. Period, full stop. 

There will and must be a consolidation of niche security products (I call them features) and small security vendors into tightly integrated and broadly applicable identity security platforms. These platforms will facilitate the ability for any enterprise user to securely and conveniently access any corporate resource from any location and device, whether in the cloud, on mobile or behind the corporate firewall. 

Centrify already leads the way in developing and delivering a unified identity security platformWe are already seeing other vendors scramble to follow us or find a dancing partner to follow our lead in this crucial fight to mitigate the leading cause of cyberattacks — compromised credentials.

In addition to the excitement at the booth, Centrify’s CEO Tom Kemp gave a keynote at RSA, sharing his experience with the growing threat of “CEO Fraud,” which you can read about here.