I’m incredibly excited about attending RSA’s next conference, which will be held November 4-5 in Abu Dhabi. This marks the first time we’re holding a conference in the region and I certainly hope we’ll have many more. Let me tell you why.
As I look at RSA’s overall business, I’m especially interested in newly burgeoning security markets. Areas of rapid economic growth are compelling because they are not as encumbered by legacy constraints. Rather, security investments can be allocated to the right areas and address the challenges posed by the current threat landscape. In contrast, because old habits die hard, more mature markets tend to focus their security spending on traditional mechanisms. Such mechanisms include perimeter-based approaches that are predicated on trying to prevent threats outright.
While threat prevention is an important component of an overall security strategy, it is often over-emphasized relative to areas like incident detection and response. Don’t get me wrong, all three areas are critical. That said, the returns on prevention-based approaches rapidly diminish. At best, investing in better mousetraps will not move the needle appreciably; at worst it can be an abysmal failure.
My belief is that the right budget involves a more equitable apportioning among prevention, detection, and response. In fact, Gartner believes that by 2020, over 60% of the IT Security spend will be allocated to detection and response (up from just 10% in 2014). See, for example, this excellent blog post by Gartner Research VP Anton Chuvakin.
Of course, this allocation is aspirational. But if you look at the way the threat landscape is trending, it’s clear that the industry needs to change its spending habits sooner rather than later.
That’s why events like RSA Conference – Abu Dhabi are so important. In just the last few years, the UAE government created the Dubai Centre for E-Security to bring stakeholders together. And the region has become a go-to destination for hosting events and conferences, much like RSA’s. Armed with the right information, the right investments will follow.
For these reasons and others, I’m very much looking forward to engaging with our customers and partners in Abu Dhabi — many of whom have been very forward thinking. I’ll also be hosting a panel on Wednesday where our customers will discuss what they are doing to stay ahead of the curve via technologies like RSA Security Analytics (effectively addressing the massive shortcomings of traditional SIEM tools).
The deep, pervasive, and continuous visibility offered by technologies in our Advanced Security Operations Center (ASOC) portfolio such as Security Analytics is only one part of the triumvirate needed for addressing the threats that matter most. The other critical areas include comprehensive identity management (including authentication, access, lifecycle and governance) as well as risk management (including comprehensive governance, risk, and compliance). I’m sure there will be no shortage of fruitful discussions around all of these topics.
If you’re attending the conference, please say hello! And be sure to follow my updates via Twitter (@zulfikar_ramzan).