The big booths were glitzy and crowded. One was even set up with a spaceship model overhead. Many had seating arranged for presentations and ongoing demonstrations. Coffee, candy, popcorn, all sorts of giveaways.
I am not a fraud prevention expert. I am an identity expert. My passion is allowing people to assert who they are and to make it easy for them to use that assertion to the maximum extent possible to make their lives as convenient and efficient as possible.
Maybe it’s for that reason that I was not impressed by the big booths at RSA Conference 2018. They put on a show but it felt like they were wrapped in empty suits. Little innovation, endless lectures about cyberthreats and solutions that are easily circumvented and a feeling that people were stopping by to see old friends, colleagues and network, but not to buy.
I thought it was just me. But after the show, I noted a LinkedIn post from Mike Johnson, Lyft CISO, questioning whether RSA is even relevant anymore, saying that the expo floor is too overwhelming; many vendors had “flashy booths who aren’t doing anything different than they were last year”; and that he spends the year meeting with vendors so why the need to wait for a big conference.
I have several answers for Mike and others who may be wondering the same thing.
The innovation was at the perimeter. Most of the “next gen discussions” were happening at side events, offsite meetings, and at the smaller, 10x10 booths by companies that were trying to break through the clutter and explain to the world that past their horizon, there are new capabilities designed to deal with the cyberthreats of today.
The innovators are thinking about how to stop the 120% increase in account takeover attacks1 that occur after traditional authentication measures are deployed.
The innovators are thinking about how enterprises should deal with the fact that more than 9 billion records were stolen in the last 5 years, rendering KBA, MFA and tokens useless.
The innovators are thinking about how to marry up the security requirements and at the same time drive digital transformation.
The innovators are thinking about how to fit into the existing technology stack, understanding that it may not be realistic to rip out legacy infrastructure entirely. They are developing solutions that are cloud-based, privacy by design, identity and user-centric, to address the real cybersecurity challenge of today – which is not solved at the endpoint or at the device level.
I personally was impressed by the traffic at the BioCatch booth, but I agree that with some thought, there are ways to better highlight the innovators at a show as big as RSA:
- Have an Innovators Pavilion and showcase emerging solutions that have demonstrated promise and successes in key client areas but have not yet gone totally mainstream.
- Highlight in the show app/directory companies that are showing new and emerging capabilities, with a description on what those are; the descriptions can be reviewed by a peer group and provided in a factual and objective manner so this does not become an area for those that can spend even more marketing and sponsor dollars.
- A panel of CISOs can be convened prior to the show to vote on new solution/problem areas that they are looking for, and those solution areas can be highlighted on the conference agenda, like a CISO-approved track.
The true innovators are the ones thinking about solutions that meet security and consumer demands of today and tomorrow. With a little ingenuity, events like RSA could put those innovators in the spotlight, and leave those like Mike, and myself, pleasantly surprised.
1Source: Javelin Strategy & Research 2018 Identity Fraud Study