Symantec's RSA Keynote: Confidence misplaced?

Once again, no demos. This is an interesting trend. Everyone is taking a step back and trying to think strategically about where the business is going. NO product stuff. NO demos. Is this RSA?

John Thompson starts up by talking about how things are changing. More collaboration and online transactions. The user is in charge. More NSS.

IT systems are drivers of collaboration and growth. CONFIDENCE is the key value in this new world. Amazingly enough isn't Norton's new consumer product called "Norton Confidential." Coincidence?

Symantec announced a new identity initiative last week at Demo (link here). I didn't cover it because it is at least 12 months off and requires a lot of folks to play along, which has proven very very hard in the past. I don't think Symantec is the right player to drive an independent Identity Network.

Thompson says, the role of security officers must evolve to encompass "risk management." Identifying and quantifying company risk vs. company return. Risk to the availability of data and compliance. This sounds pretty Pragmatic too!

He's laying a lot of FUD. $2 billion in opportunity cost in e-commerce because people are scared. GPS malware. John wears a fancy suit (black mock turtleneck is killer), but he's talking like chicken little nonetheless.

SO what's the answer? AV and firewalls a first line of defense (shocker). But you need more. Like a "less vulnerable" operating platform will still be vulnerable over time. Guess you better renew your AV subscription, no?

But identity is the key challenge. Identity management is about operational streamlining, NOT adding new capabilities. He actually said "user-centric" identity.

Now we have McAfee trying to take the high ground with security risk management, which is a term that's been around for ever. Now the Big Yellow is focusing on trying to co-opt "user centric" identity. This is highway robbery and Microsoft should be pissed. Of all the big technology companies, Microsoft has been on the front end of the Identity 2.0 developments.

Not only is CA and IBM now the competition, he's going after Microsoft too on the identity front. But Symantec doesn't have any real identity assets. They should just buy something (maybe authentication) and start really playing. How about Entrust? That could be an interesting combination.

Now he's transitioning to talk about security "intelligence" and it's ability to let you know what's coming. I do believe in this capability and it's importance to staying out ahead of the bad guys. Got to give props to Symantec on this, they continue to make the investments in research.

It's all about user-centricity for the Big Yellow. Very interesting. So, are they not focused on the enterprise anymore? This sounds like Microsoft, but I guess Symantec needs an excuse on why customers should keep their agents implemented on their devices.

But my nagging question is whether this is enough? Symantec is under siege on all fronts, will focusing on identity and users going to happen fast enough to deal with the inevitable erosion of their core business? Let's just say, I don't have a lot of confidence that it'll be enough.