John Kindervag

Trying to guess what will be HOT at RSA is always a fun game.  2009 promises to be different than most years as pure technology may not be the focus of this year’s show.  Attendance may be lighter and conspicuous consumption of new gadgets may no longer be in vogue.  We’ll know more come Tuesday, but in the meantime, here’s our guess as to what the big topics may be:

1.  It's the Economy, Stupid.

Every year the message is “buy our product and we’ll make you more secure.” Be assured that vendors still want your money, but budget-conscious CIOs and CISOs are changing the game this year. Expect a lot of messaging in 09 around the big financial Buzzronyms (buzzword+acronym) such as TCO and ROI. The smaller companies see an opportunity in this crisis. We anticipate that RSA will signal a much needed price war in the security space. Larger, more established companies may struggle to compete on price, especially if they are publicly traded. Stockholders hate seeing margins slashed. 

2.  The "Cloud" is a cool name.

The IT and Security marketing people finally got one right. The transition from a clunky, cumbersome acronym like SaaS to the ethereal, evocative term “cloud” probably has as much to do with the uptick in outsourcing security as any other factor.  et’s face it, “cloud” just sounds cool, as in: “Hey, let’s just send that to the cloud.” It makes it sound like you know what you’re talking about, whereas using the word “SaaS” always sounded like you were cursing. Plus, cloud services may sound right in an era of tight money, as these providers promise tremendous costs savings. Don’t get me wrong; IT security in general is horrible at branding. The last good brand in our business was the firewall, which resonated with customers. Today we have things like DLP, which we all know is really all just mirrors anyway, or SIEM, which is unpronounceable. Come on security marketers! A little originality please?

3.  If you've got money, we're listening.

The economic crunch is hurting security vendors. Many startups and even some established companies are mostly VC funded and those VCs need to get their money out pronto. Cash is king and companies with cash will find bargains out there as backers contemplate an exit strategy. Startups that turned down buyout offers just last year may be feeling seller’s remorse, as it may take a couple of years to get to the pricing levels we were at in Q3 '08.  I know of at least one big acquisition announcement planned for RSA and I anticipate others. Does the recent Sourcefire announcement with Symantec signal a potential acquisition? After all, SF has been an acquisition target for awhile now. Time will tell.

4.  It's easy being Green.

Green IT makes us feel warm and fuzzy. It is also the best buzzword bingo term to come out in a long time. There’s a bandwagon a rollin’ so expect security vendors to jump on it. Will green products make you more secure? Good question.

5.  Vendors love Compliance.

Expect PCI and other compliance initiatives to be pushed and promised all over the place. Compliance is great for consumers and vendors and a pain for corporations. There is nothing better than the big stick of compliance to force you to buy a product. Compliance is important as it incentivizes good security practices, but beware of over-hyped products that promise the moon. Caveat Emptor.

We’ll follow up in May and see how well our predictions worked out. Stay tuned and have fun at the show. Hope to see you there.