John Katsaros

One thing that stood out at this year's RSA conference was how sophisticated the bad guys have become — in the 20 years that bad stuff has been happening to computers the bad guys have gone from being disgruntled individuals cobbling together a new virus at night to today where the threats are coming from first class development shops interconnected through complex value chains with specialists at every stage of the process. Today's bad guys are well endowed both financially (able to afford world class development environments) and intellectually. At the rate of technical improvement they'll soon be ahead of the vendors that we rely on to protect this stuff. Consequently, defending against these threats isn't easy, either for enterprises protecting corporate assets or for vendors building security products. A few years ago we were skeptical when in his keynote address RSA's president Art Coviello predicted a decline in the number of small security startups due to structural consolidation in the security business. Well that decline might just come to pass for an entirely different set of reasons — as the bad guys have become incredibly sophisticated building security products has become incredibly complex and expensive. Small players can't afford to keep up with the bad guys. It's going to take more than a few million dollars to finance "the next big thing" in the security business. Keeping up with the bad guys will require significant engineering expenses and top talent — lots of time and money.