RSA 2010 - Innovation Sandbox: Not Really Innovative

Where has all the innovation gone? I was very much looking forward to talking to the startup vendors selected as finalists for this year's Innovation Sandbox at RSA. After last year, I suppose I should have set my expectations a little lower, although realistically it would have been impossible to set them low enough to avoid some level of disappointment. Because, quite honestly, I was quite disappointed.

Of the 9 finalists, 6 had "cloud" point solutions, largely targeted to the hypervisor, with one that did some funky inline crypto stuff that made me wonder. 2 finalists had "new" authentication approaches, which were sort of interesting, but they didn't solve the larger problems with authentication. The 9th finalist was also potentially interesting in that they provided a nice visualization dashboard for risk management, but the biggest downside was that all data had to be independently entered. There was no integration with any GRC products, and so while it looked pretty, it wasn't overly sensible. So, yes, I was a wee bit disappointed.

A Theory...
So, I have a theory about why things seem so stale. Quite simply: there are no technology solutions that can solve people/org theory problems. We have an evolutionary gap in terms of how we, as humans, detect and respond to so-called threats that don't actually threaten us physically. We as a race have well-adapted capabilities (fight or flight) for detecting and responding to physical threats, but there's really no analog corollary for digital threats.

Sure, there are other areas where there is room for improvement: compliance management (the balancing act that is only going to get more difficult as regulations increase exponentially), documentation and records management (think legal compliance, eDiscovery, and so on), and then of course all the normal operational security challenges we deal with on a daily basis (IAM, change mgmt., config mgmt., yada yada yada).

Now, where innovation is definitely needed is in making a leap forward. Unfortunately, I don't think we'll see that until humans catch up. Until then, it'll just be another day at the office...


