This post comes from Stephen Cavey, director of corporate development for Ground Labs. Ground Labs was a sponsor and exhibitor for both RSA Conference USA and RSA Conference APJ this year. Below are his thoughts on both conferences.

Conferences provide the ideal venue to directly engage your clients, as well as connect with members of the same industry. And when it comes to IT security conferences, the annual RSAC North America is as big as it gets. This year’s conference attracted a crowd over 33,000 strong. 

Ground Labs sponsored and exhibited in San Francisco past April, as well as in Singapore for the Asia-Pacific/Japan conference in July. We knew the North America and Asia-Pacific/Japan events were bound to be completely different, due to the significant variations between the IT security sectors in both regions.

The most glaring difference between the two conferences was, quite simply, the scale. The conference in San Francisco attracted nearly ten times as many security vendors as its Singapore counterpart.

Secondly, due the difference in maturity between the two regions was clearly represented on the show floor. While many of the visitors to the US event already had formidable data security systems in place, many of the APJ event attendees we spoke to were talking about rebuilding their legacy defenses from the ground up.

What we saw did not surprise us. IT security is still a much larger business concern in the US than it is in the APJ region. Data breach notification laws mandate that US organisations must publicly disclose any pertinent facts when they suffer a data breach. However, Asian countries mostly only have guidelines for data breach notifications, that do not come coupled with penalties or consequences for losing sensitive customer data.

Furthermore, cultural differences between Asian and Western management has a direct effect on the divergent data security landscapes. Top-heavy hierarchical management styles are still prevalent in many eastern organisations,which makes implementing new and necessary security measures an uphill task for many keen IT security professionals.

Despite the (comparatively) smaller event size, however, the RSAC APJ 2015 conference met and exceeded our expectations.

The quality and interest level of the crowd attending the event was more than we could have asked for. We spoke to many companies who showed a genuine interest in going beyond the border of their network and believe they have risks that are largely unknown when it comes to sensitive data handling. This wasn’t just the opinion of security consultants, but also board-level executives who were choosing to make security a company priority.

Equally encouraging to see for the future of data security was the high level of expertise offered by other often complementary security vendors. Many vendors were openly willing to share about their products and solutions in an effort to understand any co-operation opportunities across the IT security ecosystem. Most vendors offered broad and varied set of approaches to tackling security to display at the event, so much so that many looked upon each other as friendly rivals more than bitter enemies.

Rome wasn’t built in a day, and the APJ IT security landscape certainly won’t become a giant overnight, either. However RSAC APJ 2015 did provide affirmation that data security is a steadily growing sector in the region, and there will be many positive changes in data security for Asian companies over the coming years.