RSA Conference Answers Some Questions, Raises Others

The companies are gathered in San Francisco for the 11th annual RSA Security Conference 2004, the sector's biggest event of the year. Showcasing more than 200 vendors on the show floor, the conference features a wide range of panels, tutorials and keynote presentations, all designed to highlight the most pressing issues of the day.

Microsoft chairman Bill Gates kicked off the conference with an opening keynote on Tuesday. His message largely stuck to a pitch about his company's latest security initiatives, but he summed up the theme of the week -- and of the year -- when he asked, "The one real security question that exists today is will the network be reliable and protected enough to keep people using their computers, e-mail and the Internet?"

Analysts attending the show agree that much work remains to be done in an industry that promises to be both growing and in flux during the coming year. To wit: Even though the RSA show is hosting more than 200 security vendors, another 150 to 200 security companies aren't attending, suggesting that the sector is in for some serious winnowing.

The task for these companies is to solve as many specific security problems as they can while realizing they can never solve them all. What's crucial going forward is figuring out the best way to address security concerns for sectors whose adoption rates depend on a favorable perception of their reliability.

For example, Web services, long touted as a cheaper, more efficient alternative to traditional software, still has significant security hurdles to clear before it will be widely accepted. Ant Allen, a research director at Gartner Group, says it will be a few years before we see an appliance that can secure a network perimeter the way it needs to be done for Web services to thrive. In the meantime, the emergence of the services model is creating other security problems, some anticipated, some unforeseen.

"With Web services, one of the more challenging areas is dealing with security threats because the services themselves provide new ways to get around enterprise perimeters," Allen says. "Even with the standards that have been agreed upon, Web services security still doesn't deal with some types of attacks. There's a vulnerability in the way Web services are implemented that exposes legacy systems to external threats, so rather than simplifying things, Web services are posing a new class of problems."

Wireless is another area that the industry hopes will help drive an overall recovery, but it too is being slowed by security issues. Julie Ask, senior analyst with Jupiter Research, says that although wireless networks will increase from about 25 million right now to about 100 million by 2009, the growth isn't as explosive as it should be, largely because the proper security for the networks isn't in place.

"The 802.11i standard was supposed to be ratified by summer, 2003, but it won't be done until this spring, so that's put a lot of deployments on hold," she says. "Rather than try to work with existing protocols, a lot of enterprise customers are just choosing not to deploy wireless networks at all, and it has been a barrier to growth in the industry."

The market will eventually dictate which of these 400 or so companies will be left standing. In the meantime, any technology sector that has unresolved security concerns,which is to say, all of them,would be well served to take a slow and steady approach to growth and expansion.