RSA Conference: Great Companies and Some Confusion
In the coming weeks many will write about what they learned at the 2016 RSA Security Conference in San Francisco. Here is my “you heard it here first” take on what is most important for those in the industry, based on 100+ interactions with customers, vendors, and investors at the show.
The rise in funding over the past decade in cyber has created many great solutions to real customer problems. In fact, various estimates suggest that nearly $9 billion has been invested since 2010 (yes – you read that correctly). Nonetheless, this outpouring of investment has also fueled the creation of a myriad of products that leave many customers exasperated. “…my team is very talented but really struggles to put together the right mix of products and technologies to solve our problems,” noted one Chief Information Security Officer. Another formertechnology executive turned consultant said he felt that “…picking the right solution is very difficult in an environment where one problem can be solved by many different products and varied methodologies.” Customers, both consciously and not, emphasized this as one of the consistent challenges they face when
making buying decisions.
Convergence On Identity
Convergence is a theme that has been ongoing for some time in technology. A classic example of convergence is home internet. Consider how many offerings you, as an individual, now consume through your home internet connection instead of through various different delivery channels. Music, video, television, purchases – all of these converge through your home internet and create value you for you in the form of ease of access, time savings, money savings, etc. The ISP benefits by selling more bandwidth, and service providers like Netflix both gains and services customers at a lower cost.
In the same way, there are a few key convergence points in security. One that has been evolving and maturing for some time now is identity. Identity management is key because it connects users with their activities and related risks. I expect the importance of identity to increase and become a key value driver for security companies who have thoughtful offerings that relate to and leverage identity.
Cyber Not Immune From Tech Bubble
Many have opined recently on the current state of tech valuations emanating from Sand Hill Road and Southpark. Rumors of downrounds and financings like Spotify’s convertible note offering – a structure typically used for early stage startups that can’t predict their valuation – point towards declining valuations in general. In cyber security, where valuations and funding has been consistently hot for some time now, startups and investors alike are nervous. One proxy for this sentiment is the Nasdaq CTA Cybersecurity Index, which is off almost 25% over the past twelve months. One investor I spoke with is anticipating a large consolidation in the security industry that could resemble the dot com crash with a key difference being a heavier exposure of losses to private equities. I am not quite as bearish, but the sheer number of exhibitors did leave me feeling like the space is getting, well, a bit crowded.
So what does all this mean?
Three key takeaways emerge:
1. Customers want solutions that solve security challenges AND reduce complexity in their organizations. Vendors with a real solutions orientation
(not slideware!) will have an advantage over those with single point solutions, even if those single point solutions are bestofbreed.
2. The herd is going to be thinned. Smaller and mediumsized security companies would do well to think about how they fit into the landscape and
fill key gaps in larger vendors’ offerings. Valuations from strategic buyers are likely to be better than those from financial investors, and those in need of funding should think carefully about how their options might change in 6, 12, 18, and 36 months. Similarly, larger vendors should be moving quickly to identify those bestofbreed solutions that can fill their gaps and help them create that real solution customers are seeking. Investments that strengthen areas such as identity could make sense for some vendors with less mature offerings.
3. Vendors need to talk to customers. Vendors, especially larger ones, have an opportunity to use customerled innovation. There is always a lot of talk in the security industry about how customers dictate strategy and development. I think this is true in some cases. However, the overarching sentiment I get from vendors is that they are not building products and developing strategy based on current customer needs and voiceofthecustomer analysis. Anchoring strategy and development on customer needs can help drive improved performance for vendors (and customers!) and create lessrisky growth paths.