Innovation is the future of IT, but is innovation really happening? Let us look at one segment of IT: security. The RSA Conference hosts an annual Innovation Sandbox. The winner can claim to be the most innovative security company that participated in the contest. This year, there was a wide mix of companies.
Innovation is a high-stakes, all-or-nothing gamble. In this competitive market, you need to innovate, or longstanding, ever-changing giants such as Amazon or Microsoft will eat the competition. These companies continue to innovate, while others, such as Citrix and VMware, seem to be iterating on a theme. So, in effect, innovation is key. Innovation, if adopted, does not even need to be disruptive. There is a distinct difference between disruption and innovation.
Innovation is a new method, process, or idea. It is not necessarily disruptive or something that sparks a rip-and-replace mentality. Even virtualization, which was incredibly innovative, was not about rip and replace, but rather about using what you had to the fullest and then, as you could, replacing with better, newer hardware. Some of the most innovative changes I have seen in security were not part of the Innovation Sandbox, but made life easier for security products. These actually came from chip manufacturers, like Intel. Intel knows it needs to innovate or become an also-ran.
NVIDIA, with its vGPU technology, is also an innovative company, and at the moment it is really iterating on a theme. Where will this lead? We don’t know yet, but we can see a horizon.
So, what does it mean to be seen as innovative? This is an age-old question. I think that to be seen as innovative requires a unique idea that is so universal that everyone will want to use it because they need the technology and can’t live without it. Now, is that really about marketing, or about need? Can a good product—an innovative product—succeed without good marketing? I would hope so.
This year’s Innovation Sandbox featured ten very interesting companies. Some I had heard about, but others I had not. Their products included NFV (Versa Networks), Secure Hardware (Skyport Systems), code-level language security (Prevoty), white-hat hacking (SafeBreach), DVR for Network Data (ProtectWise), detonation of malware inside containers (Menlo Security), detection of attacks (illusive), data security (Vera), RF identity and tracking (Bastille), and the security “connective tissue” of the winner, Phantom.
The winner was not a new technology per se, as we have been connecting management systems using Puppet, Chef, and other automation tools for years; its innovation concerns how that is done. A central management plane has been a necessity for security for years. We have needed one place to go for all policy, one place to manage that policy, and a way of sharing policy, without the need to recreate it every time we stand up a system. A standard policy everywhere, regardless of tool, is innovative.
That is not to say that the other tools presented aren’t innovative: they are. There has been a need for systems built from the ground up to be secure and a need for ways to do penetration testing more easily, to detonate attacks outside our working systems, to detect attacks, to handle identity and data sharing, etc. These are all interesting technologies: ones that have been envisioned, created, and proved.
Sometimes, innovation is seen as table stakes—examples include directory services and encryption within a cloud, as in products announced by Amazon last year and others that have been or will be announced this year. Yet, those were first created as part of virtualization, and it took years before they were important within clouds. There are innovations on moving data to the cloud, as well as innovative models for moving to the cloud securely.
Innovations of today answer the questions of tomorrow, not just the queries raised today. Where are we within the cloud? Still ten years behind the data center, it seems. Is that because as tenants, we cannot see that deep into the cloud? That is also changing with cloud access security brokers, which were seen in previous Innovation Sandbox contests.
One question remains: to be innovative, do we also need to be disruptive? I think not, but what are your ideas? What are the most innovative security and non-security products you have used?