Unlike many other conferences, RSA was held as planned last week in San Francisco with some 40,000 people in attendance. As I only needed an Expo pass to achieve my goals and the SOMA neighborhood of San Francisco is less than an hour from my house by train, my investment in RSA was small. The new coronavirus, COVID-19, meant some companies had pulled out of participating in the conference, but their absence was invisible to me on the show floor. I noticed no obvious empty areas. All the companies I came to see were there, and some with their top executives. My takeaways from RSA fall into three categories: overall impressions, company-specific insights, and lessons learned.
Overall impressions
Security is a hot topic. More and more companies are painting themselves as security companies, and every one positions itself as essential. I would hate to be an enterprise IT manager or CISO these days facing an onslaught of security threats and an even larger onslaught of security vendors. It seems no one can escape without a small army of these solutions, and who is going to integrate them all? This problem becomes increasingly pervasive as new technology, especially SDN, allows us to disaggregate — or, more accurately, disintegrate — hardware and software functions into more atomic units. Who will step up to integrate these disparate pieces, make them work together, and support them when something breaks? The vendors of point solutions don’t seem to care.
Company-specific insights
Among others, I expressly sought out Netronome, Ixia/Keysight, F5, and Ubiqube both to catch up on what they are doing and to share with them relevant developments in MEF. MEF has launched an initiative on Application Security for SD-WAN. The LSO architecture and APIs provide useful abstractions for both technology layering and multiprovider federation. In my assessment, SD-WAN offers a platform for many new applications but also exposes an increased threat surface, so Ixia and F5 have major interest there, though the staff I met were not decision makers nor could they speak for them. Ubiqube offers a small-footprint orchestration solution, incorporating security features, that relies on the important MEF and TM Forum APIs to slide into many environments without disrupting other parts of the stack; this is the key objective of the north-south LSO APIs. Talking with their CTO enabled me to reach meaningful understanding and interaction.
Netronome serves enterprises rather than carriers because their re-encryption solution requires the network operator to own the encryption keys. In a re-encryption application, encrypted streams must be decrypted before being processed by firewalls, load balancers, and other bump-in-the-wire appliances. They are then re-encrypted for their next path, and the enterprise owns both sets of keys. Interestingly, Netronome’s business has shifted from a longtime focus on smart NICs to re-encryption, bringing actual chips and chiplets, IP, and software to bear as end-to-end encryption becomes a method of choice for many enterprise flows. A conversation with their CEO and CTO got me the answers to all my hard questions and skipped the fluff. I very much appreciated their attendance.
Lessons learned
The industry’s response to the coronavirus has caused many of us to re-evaluate the conferences, trade shows, and other face-to-face meetings we are so used to attending. I wish more of the RSA exhibitors had also thought this through. If I am going to brave the recirculated air of jet planes or commuter trains and the shared door handles — and everything else — of public areas in order to attend these gatherings, I want the exhibitors to be cross-eyed focused on delivering serious business value. CMOs need to rethink. For me, the days of show-off, two-story booths are over. The contests and competitions appear childish. And the continued appearance of booth babes insults not only the too few women we have in the profession but also us men who support more gender equity.
I’m glad RSA was held and that I attended. I appreciated the many disinfectant stations — though, interestingly, the gel they contained was antibacterial not antiviral — and the willingness of people to swap handshakes for fist and elbow bumps. Much of what is conveyed upstairs in the sessions can be, and is, conveyed successfully online, as some of the canceled conferences are learning. However, face-to-face encounters, such as those had in the Expos, cannot be easily replicated virtually. Therefore it is crucial that they deliver effective and efficient business value, and that means bringing knowledgeable staff and ditching the cheesy entertainment.