RSA Conference: Behind The NSA Fallout, Protestors And Boycotts Lies A Thriving Security Market


Public perception of the security industry and U.S. technology providers may have been tainted by National Security Agency leaks uncovering alleged links to the agency's global surveillance operations, but solution providers who attended this year's RSA Conference say that perception is far from reality.

Business is thriving among security-centric solution providers, they say.

J.J. Thompson, managing director and CEO of security consultancy Rook Security, attended the RSA Conference in San Francisco following a trip to China, where Rook Security is providing security consulting services to firms there. Thompson said the industry fallout has been minimal.

"It doesn't matter if you are in Beijing or Indianapolis, business owners don't want to be among the next big data breach victims," Thompson told CRN. "We all have the same goal of growing our business and protecting our interests."

Solution providers from around the world gathered for the industry's largest security conference last week, which was overshadowed by allegations that RSA, the security vendor behind the annual event, was paid at least $10 million by the intelligence community to support a controversial encryption algorithm that could be used to spy on potential terrorists. Nearly a dozen speakers protested the conference, protesters demonstrated outside the San Francisco venue, and RSA Executive Chairman Art Coviello was booed when he took the stage to officially launch the conference. Outside one area of the venue, protesters raised a red flag equating the alleged RSA-NSA ties. Meanwhile, across the street at another venue, an artist portrayed the conference facilities under the backdrop of flames and a black helicopter.

Following William Shatner's rendition of The Beatles' classic "Lucy In The Sky With Diamonds" to a security theme, Coviello followed by directly addressing the elephant in the room, acknowledging the company's close ties to the intelligence community for more than a decade and its early days of needing to grow its encryption business by selling into the federal market, dominated by defense contractors and government agencies with three-letter acronyms. Security firms are working with law enforcement and intelligence-gatherers at a time when cybercrime is flourishing and the guise of cyberterrorism threatens national interests, Coviello said.

Meanwhile, Coviello pointed out how far the industry had come since the conference's 1991 debut, which was attended by a small group of cryptologists. This year's conference was the biggest ever, with more than 25,000 attendees and 400 exhibitors, proving that security industry is thriving in the face of the NSA allegations.

"In all my years of being in security, I've never seen the state of investment and innovation that I've seen today," Coviello said. "This is all happening none too soon. The expansion of the attack surface and the growing amount of sophisticated malware and other viruses have outpaced conventional controls."

The chorus of boos and polite round of applause were replaced by sustained hand-clapping from the audience following Coviello's keynote. Attendees were pleased that he addressed the issues and called for a global ban on cyberwarfare and a discussion of the establishment of norms for nation-state-sponsored cyberspionage operations.

"Security is more important to businesses than ever," said Pat Grillo, president and CEO of Branchburg, N.J.-based Atrion Communication Resources, who attended the conference to visit with the company's vendor security partners over two days last week. Grillo said the exposition floor was so large -- it was split up into separate North and South halls at the giant Moscone Center -- that he had trouble making meetings on time. "We initially only walked through South Hall and you should have seen our faces when we were looking for our meeting location and were told it was all the way in North Hall," Grillo said.

Security vendors saw a growing amount of investment dollars flowing into their coffers in 2013, and the trend is continuing in 2014. At the RSA Conference, Shape Security said its appliance line received an infusion of $40 million in venture funding. Bluebox Security, a mobile security startup that just came out of stealth mode, is backed with $27.5 million in funding. Meanwhile, encryption vendor CloudLock, which launched a new product at the conference, recently said it received $16 million in Series C funding.

Grillo said the investments in emerging vendors, coupled with continued merger and acquisition activity and a growing technology partner ecosystem, have made business lucrative for security-minded systems integrators, but it also has increased costs and complicated deployments. More companies require sales and systems engineers to be certified on their products, Grillo said.

"We could have all our engineers in class all the time and be smart as hell, but then we'll be out of business," Grillo said. "No one would be out there doing work."

Peter Hesse, president of Chantilly, Va.-based Gemini Security Solutions, who has been attending the conference for years, said the attention to cybersecurity has helped him expand his business beyond pure application security. Hesse was pulled away from the conference to attend meetings with a global, Fortune 100 company that recently hired Gemini to help bolster its security.

"Business has been really good," Hesse said. "The focus on security and privacy has gotten everyone in the industry a lot more attention."

NEXT: Fallout From The NSA Allegations