RSA Conference 2017 Preview: Three Themes I’m Watching
February 10, 2017 Leave a comment
- Serverless security and security product integration frameworks are two emerging InfoSec industry market segments worth watching.
- After contracting last year, the intrusion prevention system market should rebound thanks to new use cases and product innovation.
Next week, thousands of cybersecurity pros will converge in San Francisco for RSA Conference 2017. While there will be no shortage of interesting storylines, here are the three top themes I’ll be watching for at the industry’s largest annual confab:
Serverless Security. It will soon be possible to stitch microservice functions together at will to construct ad-hoc systems that produce the sort of complex data input-output actions that have always required a custom program or application. Microservices, and in turn serverless computing architectures, aren’t yet widespread, but this is the beginning of a technological wave that’s expected to be enterprise computing’s next major disruptor. Security vendors, in turn, will begin laying out their visions for serverless security. These entrées will be little more than strategy statements, and enterprises should treat them with a grain of salt. Vendors that were late to evolutionary trends in security – including mobility, virtualization, and cloud computing – have paid the price in lost opportunity, credibility, and ultimately market leadership; serverless security represents the next such evolution. I’ll be listening for vendors beginning to strategize customer needs three to five years from now, when serverless computing adoption is expected to grow dramatically.
Achievable Integration. There’s a logical reason behind the recent push among top-tier enterprise security vendors to build and market broad-based multiproduct security platforms. Enterprises have long been frustrated by lacking interoperability among their security point products, and leading vendors have attempted to capitalize by positioning their product ecosystems as integrated, one-stop shops for high-efficacy security architectures. However, enterprises will always need security point products for specific use cases, or simply to reap the benefits of innovation. Fortunately for enterprises, a new wave of third-party security product integration has begun, thanks to security product integration frameworks (SPIFs). SPIFs ease the difficult task enterprises face in integrating multiple best-of-breed security products from two or more vendors, enabling unrelated products to work together more effectively. I’ll be watching for further innovation from SPIF market leaders Intel Security and Cisco Systems, as well as challengers which may offer compelling integration alternatives.
Return of the IPS. For several years, security appliance vendors have touted the growing role of next-generation firewalls and, specifically, how the latest hardware can be made to perform edge network security functions, as well as the wire-speed packet analysis for which organizations have long relied on IPS products. Hence, it’s no surprise that the worldwide IPS market contracted for the first time last year, according to industry estimates. However, innovation, along with changing network security needs, may foster a rapid turnaround for the IPS market. There’s growing IPS demand for non-traditional use cases, including virtual patching, east-west traffic inspection on internal virtual and software-defined networks, and for network segmentation on internal network zones – or when bridging IaaS traffic with data centers. I’m expecting a fresh wave of disruptive activity by many IPS vendors, leading to an acceleration in IPS innovation and market competition in 2017.