CRN caught up with two Australian RSA channel partners to discuss the trends they have noticed during this year's RSA Conference.
Securing the cloud was the major theme this year in San Francisco and the Aussie resellers were keen to find out more.
CRN: How often do you attend the RSA Conference? How is it of use to your businesses?
Adam Davenport, director, Loop Technology: I do try to come every year, and this year I have come as a guest of RSA. I find the conference really helpful to find out what's going on [in the industry].
First of all, I like to see what the big guys are doing in way of acquisitions or trends and strategies and I also like getting around and seeing the little guys as well, to see what's new and exciting.
Tim Smith, security practice director, Bridge Point: I come pretty regularly, this is the top security conference worldwide and there's a great selection of keynote speakers. You struggle to get them all in one place [usually] so the conference is excellent for keeping up-to-date with what's going on.
From a policy perspective and also from a technical perspective, it's good to see what the big players are doing, the one's we're familiar with, and also there's a number of vendors here we haven't seen in Australia yet such as R-Sam and Cyber-Ark Software. A couple of years ago when I last came, I noticed that some of those vendors [then] don't seem to exist any more; if they're a decent technology they've been acquired by the big guys.
CRN: Cloud security was the big theme at this year's conference. Two years ago when I last attended the focus was on data loss prevention and information-centric security. The industry is still talking about protecting information but its location has changed and so have the technologies. How are you keeping up with the pace?
AD: It's quite interesting what the main trends are at RSA this year. Last year, in the conference program we counted up around 27 DLP vendors; this year, I think there are eight - and they tend to be big ones. So there's obviously been some consolidation, some of them probably went bust last year and some of them have decided that maybe it's not an area they want to play in.
Everybody is talking about the cloud be it the public cloud, private cloud or the hybrid cloud. Unlike other parts of IT, security seems to be like the fashion industry, it changes every year. Whereas, if you're selling servers and switches, they get bigger and more powerful every year, but security is completely different. What is it going to be next year? It's quite fascinating.
TS: Yeah, you kind of feel that the cloud has certainly got momentum, you can argue whether it's new or not, I'd argue that it isn't for me it's a bit more of a new term for something that has been existing for a long time. But, the cloud and virtualisation are here to stay.
The difference is that the consolidation has happened in DLP and I'm pretty sure that we'll see consolidation in the cloud as well. But there is a huge emphasis on securing that environment. I'm seeing a lot of vendors right now that have specific products around securing VMware and virtualised environments as well.
DLP is not so big this year is because it's gone through that hype cycle; people are actually implementing it now.
CRN: Art Coviello, president of RSA said in his keynote address on Tuesday morning, that enterprise is shunning the cloud because of security - mostly regulatory and compliance constraints around the location of sensitive data. Is it the same in Australia for the enterprise?
TS: I think we've had that initial explosion with the cloud and its services being available. We're actually seeing more of our enterprise customers having a cloud, but hosting it internally in their own data centres, where they still want that flexibility of building it on demand and tearing it down when it's not required.
AD: Government doesn't like to outsource its infrastructure and that's always been a bit of challenge for cloud services. For example, Salesforce.com isn't going to provide CRM services to government because the government doesn't want their data on a site that's somewhere else.
During his keynote, Art said that one of the problems in the US is that because of all the regulations around risk, using the cloud becomes more complicated. In the US, the legislative framework is so different, there are so many more drivers that we don't have in terms of legislation. There are new ones coming out all the time and that causes US businesses to think about IT differently that we do. It would be nice to have some of those changes in Australia - maybe we'll get them one day soon but it really is a big driver on customer behaviours out here.
In Australia, we've kind of got the reverse problem in that we don't have that same regulatory environment, so maybe that might mean that leaving aside the government that in Australia it might be easier to take it up because there aren't the same laws and regulations controlling what they have to do.
We have to rely on [company] directors being sensible and tell companies about risk and liability and it just makes it a bit harder. We're a bit behind the curve, that's why we haven't had the uptake in terms of DLP.
CRN: Multi-tenancy was another theme at RSA this year. Are competitive companies such as Coke and Pepsi really willing to share their data on the same cloud?
TS: They could, and the thing is, [organisations don't know]. One of the key issues also is that those kind of questions are not being asked, so really you can have security in place but a lot of it is contractual written around service level agreements (SLAs).
For the enterprise we're seeing a much bigger push particularly in Queensland around whole of government services so there is a whole of government cloud being build in Queensland, but that's not outsourced it's in-sourced, to the Queensland Government's service providers - so it's a private cloud.
CRN: What's your relationship with RSA?
TS: At Bridge Point, our relationship with RSA goes back many years and that relationship is based on our consulting services - we are PCI compliance QSA (Qualified Security Assessor). There's really two sides to this security business. There's compliance and security architecture and implementation. What RSA offers us is a suite of tools that actually help customers achieve compliance very quickly and - with the Archer acquisition - I think that's absolutely key to that.
We're very much a consulting-led organisation, but we have the skills to remediate, and RSA is a great fit because they really cover the full gambit for what's required for compliance.
AD: At Loop Technology, our business has been a long term RSA partner. The partnership started off around the Secure ID product so we have big install base of Secure ID customers. And what we've done is leverage that base, as RSA has developed other products or purchased other companies, we've looked at introducing those customers to new products as well as bring in new ones.
We pretty much look at the whole suite of products. It's a good position to be in as a security integrator to align yourself with the right vendors: they do the R&D and they worry about what's the next big thing that's coming along and they help us get up to speed with those technology then help take it to the market.
CRN: Finally, are there any other major topics you were hoping to hear about?
TS: I really am interesting in seeing what's happening in the cloud and the next generation around DLP. The real hot ticket for me is the government, risk, and compliance type products.
AD: The cloud is interesting to me I want to get a grip on what it means and how it's being positioned and how best my firm can take it to market.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
