The RSA 2010 security conference, held last week in San Francisco, saw notable improvements in attendance and sentiment over last year, reflecting greater willingness to invest in marketing as the economy recovers. The improved activity has also been reflected in strengthened valuations and deal flow since second-half 2009.
Here are some observations from the event:
- There were more federal and state government representatives walking the floor than ever. This is in line with what government/defense contractors are saying about a pick-up in IT security spending by public agencies and a surge in cybersecurity partnering/M&A interest by government IT security vendors.
- Government cybersecurity emphasis was also evident in the keynote speaker line-up, which included DHS Secretary Janet Napolitano, FBI Director Robert Mueller, White House Cybersecurity Coordinator Howard Schmidt, former DHS Secretary Michael Chertoff and former cybersecurity adviser to President George W. Bush, Richard Clarke.
- Security portfolio realignment among large IT vendors is underway. CA is rumored to be looking to divest much of its content security business. SafeNet (an Updata client) recently divested its OEM security division. Large system vendors, such as HP (when 3Com dust settles) and Dell, are believed to be looking at making large investments in new security products.
- Cloud-based security services received heavy buzz by vendors, as expected. This included “SaaS-ification” of existing functions (i.e. web and email filtering) and secure cloud enablement. Stoking interest was CA’s acquisition of 3Tera, which was announced during RSA, for a rumored 30x trailing revenues, as well as recent investments in private vendors such as HyTrust and Cloudmark, and ANXeBusiness’s February acquisition of ETSec.
- Areas of interest in addition to the cloud included:
(1) IT and enterprise governance, risk and compliance interest continues picking up in the aftermath of EMC’s acquisition of Archer (at a valuation believed to be in excess of 6x trailing revenues). Large vendors, including HP, Microsoft and Oracle, view compliance as tied to systems and security management and a large market opportunity.
(2) Secure Web Gateways represent one of the most significant growth opportunities in content security and remains an open field competitively.
(3) Blurring of consumer and enterprise security technologies, leveraging social media and rich web technologies.
- There appears to be renewed financial investor sector interest. VCs were seen in larger numbers strolling expo aisles and attending events. Hellman & Friedman, among others, is rumored to be looking to make a big security buyout.
- In the wake of Fortinet’s highly successful IPO late last year, conference attendees were abuzz about which security company might be next in line for a public offering. Potential suspects, based on size and/or performance, include AVG, Barracuda, ESET, Kaspersky Lab, Lumension, M86 Security, nCircle, Panda, PGP, Safenet, Sophos, Splunk, Tripwire, Trustwave and Webroot.
- In what has become a time-honored tradition, security holes at the conference itself were exposed by techies. Prior year exploits have included sniffing the conference’s wireless network and hacking RSA’s website. This year, sign-on kiosks that validate identities and print ID cards were exposed as hackable — which goes to show security remains a tough problem.
- In prior years we have noted that the conference has become increasingly dominated by large public IT vendors. However this year, judging by booth floor space, there was a resurgence among private “upstarts.” We believe this reflects rapid shifts in the computing landscape wrought by advent of the cloud, mobile computing and the interactive web. This necessitates a pace of innovation best handled by nimbler private vendors.