The vendors know that most IT organizations can no longer say "no" to users bringing in their own devices or broadening the set of devices the company buys and supports. They see a nice new revenue stream in supporting that revolution.
On the cloud front, there's a renewed interest in authentication management and supporting strong authentication. Most of us have at one time or another thought about using the phone as a second factor -- though when authentication is for an app you're accessing through your phone, one might question if using it as your second factor really such a good idea. Nonetheless, SSO and authentication management for off-premises services is becoming a hot topic. Individuals are experiencing authentication fatigue from the myriad of username and password rules they must conform to. Some have taken it upon themselves to use password vaults, but a better bet is SAML based authentication so that IT stays in charge of the process.
One of the more major announcements was HP's entry into the security market in a bigger way. The TippingPoint IPS has been something of a lone wolf in HP's lineup. And while it's generally recognized to be a high-quality product, others, notably Cisco, with more complete product lines have been able to make the case for more complete and integrated systems. As HP unwinds years of strategic relationships with other vendors such Cisco and Oracle, it's making bold moves on a number of fronts to beef up its offerings including in security.
HP's big four are: TippingPoint, ArcSight -- a security event management system, Fortify -- an application level security assessment tool, and DVLabs, which is part of TippingPoint and monitors Web site reputations with its RepDV service. All of these products are leaders in their categories, and if HP is able to do a good job of integrating them (and that’s a big "if"), it’ll truly have made a stand as a leader in the security infrastructure space. Not that it's up for sale, but throw in the Palo Alto Networks firewall to this mix and you'd be hard pressed to find a vendor with better offerings across the major security systems (albeit all on separate hardware and with separate systems and teams). The concern here is the usual one for when large companies buy best of breed products -- don’t mess 'em up as you try to integrate them. HP also plans to offer managed services based on this product set managed by the capable hands of Jim Alsop.
HP claims that with this set of products it's much closer to offering a holistic view of risk for large IT organizations. It's hard to argue with that view. However, from the CIO's point of view, it'd be nice if HP introduced its security product team to its application performance management team (the Mercury folks) to produce a truly holistic view of performance and risk. This is the stuff that non-technical CxOs and even Boards of Directors will value in understanding the cost and benefit of technology spends.
SEE ALSO:
RSA: Defining Cyberwar And Rallying Defenders
RSA: HP Proposes Holistic Security
RSA: Symantec Sees Stuxnet In Your Future
RSA: Microsoft Revises Computer Quarantine Proposal