Reflecting on InfoSec 2013

By Dr. Guy Bunker

Last week we were at InfoSec in Earls Court, London. It had the usual hubbub of people and stands, mixed in with the usual educational sessions and presentations; but somehow it was different.

Instead of the two major players taking up a large part of the exhibition hall, one had significantly downscaled and the other wasn’t there at all. In their place was a great selection of ‘first time exhibitors’ - lots of smaller companies, lots of innovation, lots of buzz. These smaller businesses seemed to have dropped off in the last couple of years, so it was great to see a reinvigorated section.

I was also at RSA this year (reflecting on the RSA) which had a major theme – security analytics. I felt that the theme at InfoSec this year was missing, which made it seem a little disjointed. The larger companies were selling what they usually sold and the messaging was the same as usual, rather than trying to push some form of consistent theme or trend. Perhaps this is one of the big differences between RSA and InfoSec where the former is driven in all ways by ‘RSA’ and the theme is strategically planned ahead of time so marketing and messaging fit in with the overall theme, rather than at InfoSec where it seems to be ‘just a group of separate companies’ who happen to be showing at the same event.

One trend I did notice was the lack of hardware tokens for two-factor authentication. It’s virtually all gone software now, with mobile phones being the ‘hardware’ component. It makes perfect sense if you think about it, although this does make the mobile device an even more attractive target for cyber-criminals.

Another trend was the increase in the number of companies selling secure information transfer. We have had a product in this space for a while, targeted at military and defence, and while we have seen increased demand from other sectors, it seems that other companies are also seeing the same demand. The changes in legislation across the globe mean that the responsibility for managing and governing information is moving up the agenda, especially when it comes to dealing with third parties.

So, in a week where there were a large number of articles in the FT on security, and the week when the government announced that small businesses could apply for a grant to help improve cyber-security, the question is whether or not Information Security has now gone mainstream and so won’t attract people to conferences like InfoSec in the same way as it has done in the past. Time will tell.

From my perspective, InfoSec, with its reinvigorated ‘first time exhibitor’ section, makes it all worthwhile. They could learn a thing or two from RSA on setting a theme – bringing all the vendors together to create a more coherent approach for the attendee. What should the theme for 2014 be? Well, I would go for something that everyone can tailor their messaging to, whether they are selling hard disk destroyers, two-factor authentication, pen testing or secure email… Information Governance.