The big story at this year’s RSA conference actually broke back in December, when it came out that the NSA had paid RSA $10 million to build a back door into their encryption. RSA encryption technology is the de facto industry standard for financial services. It is almost a certainty that all of our personal information is secured somewhere by RSA. So the news impacts all of us. Most of the controversy has involved the moral aspect of the transaction. Should RSA have agreed to give the NSA a back door? The fact that they were paid to do so makes it seem all the more mercenary. But in fairness, there will be a cost to RSA of implementing the measure. Even if installing the back door did not cost anything in development resources, there will be a cost in lost customers and disruption to the conference. Already, several speakers have cancelled, and nearby restaurants that traditionally serve as meeting spots for security industry influencers have been block-booked by protesters.
From a tech M&A standpoint, we see opportunities for new players to take market share in what, until December, had appeared to be a mature, established market. We also see more ammunition for proponents of point solutions, rather than monolithic single-vendor contracts. The simple fact is that an established standard is a much higher value target for hackers, because a single breach can grant access to thousands or millions of data stores. And, a single move – like RSA selling back door access to the NSA – can call the entire infrastructure into question. So the second impact will be a swing of the pendulum back toward point solutions, creating opportunities for emerging vendors.