RSA 2016 was bigger and badder than ever. Over 500 security vendors at Moscone Center in San Francisco battling for mindshare, floorspace, restrooms, roads, BART, trains and more.
What gives? For one thing, security is a growing market. As more of our lives and business move online, more is at risk. Mobility is skyrocketing with billions of connected devices. And more applications are moving to the cloud with 2016 being the first year that the market for cloud applications exceeds the market for on-premise applications.
It is clear that cloud and mobile are inexorable trends. Resistance is futile. In fact, a top 10 Global Bank called us last week. We were surprised to hear from them since they had previously told us that they had no intention of moving to the cloud and viewed all cloud applications as ShadowIT to be blocked at the firewall. But now they asked if we could meet with their brass. "We are embracing the cloud in 2016 and need data protection. We hear that is your sweet spot," they said. 2016. The year cloud goes from being ShadowIT to IT!
What does all this mean for security vendors? For one thing, security cannot be sold as hardware and software in a cloud and BYOD world. There is no place to hang hardware and software when you don't own the infrastructure - third-party servers, third-party networks, BYO devices. The enterprise owns just their data and needs a solution to protect just their data. As a result, most of the vendors on the RSA floor this year will disappear.
There is one more side-effect to the cloud when it comes to security. With on-prem installations, LAN latency is a few micro-seconds allowing customers to chain multiple "best-of-breed" point products without performance penalty. In the cloud, WAN latency is tens of milliseconds prohibiting chaining. You don't choose the best database, the best app-server and the best load-balancer etc and cobble them together when you buy a cloud CRM solution. You get the turnkey package. Likewise with security. Vendors selling point products for just SSO, just cloud security, just mobile security, etc, will disappear. Customers need, seek and deserve integrated solutions.
The short of it is that we will see the emergence of new leaders in the data security business. Won't be the companies with the outsize booths on the RSA 2016 floor. And won't be the companies that equate cloud security with discovering and blocking applications as ShadowIT. Will be the companies who deliver real-time data protection in the cloud, at access and on any device, anywhere.