Security show to highlight industry trends

A bevy of announcements will spring from this week's RSA Data Security conference from more than 50 firms. Themes include consolidation and new software technologies.

4 min read
The biggest trends in Internet security will be showcased this week at the annual RSA Data Security conference, put on by the leading vendor of encryption technology.

With more than 50 security firms scheduled to make announcements, the dominant themes are continuing industry consolidation, digital-certificate technologies growing up into public key infrastructure software [PKI], and continuing action in intrusion-detection software. Virtually absent this year are the once-ubiquitous firewall companies, mostly swallowed up or morphed into virtual private network [VPN] vendors.

Among today's announcements, Hewlett-Packard said it won U.S. approval to export its VerSecure encryption technology to nine new countries, while Netscape unveiled new versions of its directory server and security software.

Zona Research analyst Jim Balderston expects news of integrated security offerings from vendors like IBM and Hewlett Packard--a welcome development for harried IT managers who now must integrate a series of discrete security products.

"We're going to see a lot more in the way of people announcing initiatives or products that offer more holistic security environments," said Balderston, who expects no blockbuster news from the show. "It is a natural evolution for vendors to start talking about more integrated foundations on which to build security."

Ted Julian of Forrester Research says the RSA show is emerging as a key venue for not just cryptographers but network security firms in general to meet.

"Last year, people knew it would be big show, but it was even bigger than expected. This is the first year where it's institutionalized as one of the major security shows of the year," Julian said. "It's prime time."

On the PKI front, at least a dozen companies have scheduled announcements, including industry leaders VeriSign, Entrust, GTE CyberTrust, and IBM.

PKI software issues and manages digital certificates, which serve as electronic IDs that vouch for the identity of individuals online, where they can be used instead of passwords and PIN numbers.

"PKIs take real-world trust relationships and move them to the Internet," said Patrick Richard, chief technology officer of PKI firm Xcert. "Deploying PKIs have saved real dollars for our customers by turning paper-based processes into Net-based processes."

Europe's largest PKI firm, Baltimore Technologies, will use the show as a coming out party for the North American market. South Africa's Thawte, another newbie to the U.S. market, will promote its efforts to make digital IDs from different vendors work together. Last week Thawte announced that certificate authority vendors Netscape, Baltimore, and Entrust plus consulting firms Deloitte & Touche, Ernst & Young, and KPMG joined Thawte's cross-certification program.

Other efforts in making digital certificates interoperate are due from Valicert. Entegrity, and Xcert, which recently released version 3.5 of its Sentry CA suite of PKI software.

Conference host RSA and parent Security Dynamics are promoting their own PKI plays.

On the consolidation front,Axent last week bought intrusion detection firm Internet Tools to fill out its portfolio of products to test networks for security holes and ward off hackers. PKI vendor Baltimore is another consolidation play--it is the result of last month's merger with Zergo Holdings.

Intrusion-detection software, a market that seemingly sprung out of nowhere last year and dominated 1998's security news, will be active too, and not just from Axent/Internet Tools. ID Arts and iD2 Technologies have scheduled announcements, although market leader Internet Security Systems is strangely silent, at least in advance of the show.

Also absent from the press conference list is Check Point, the leading firewall software vendor. Axent, which bought out firewall firm Raptor Systems in the last 18 months, may talk firewalls. Network Associates, which bought firewall firm Trusted Information System last year, plans announcements too.

Network Associates, which has pushed into the security market via acquisitions in the last 15 months, plans PKI and VPN announcements. Its acquisitions include encryption pioneer Pretty Good Privacy and two intrusion detection firms. As it did last year, Network Associates is sort of crashing RSA's party--making announcements from hotel suites, not the official show dais.

But RSA rival Certicom, which sells elliptic curve cryptography (ECC) algorithms and software, will be on hand, assigned the very last time slot for news announcements at the show.

Microsoft will keep a low profile at the conference, demonstrating the use of digital certificates on smart cards at its booth.

Several vendors of smart cards or other hardware security tokens also plan announcements at the show. Litronic will demo its tokens used with PKI systems.

Makers of specialty crypto chips and board also plan announcements, among them Rainbow Technologies, VLSI, nCipher, Chrysalis IT, and Hi/FN. Their products encrypt and decrypt secured data, improving speed without taxing by offloading those functions from a computer's main processor.