Five Core Concepts Of The 2018 RSA Conference
The 2018 RSA Conference, held at the Moscone Center in San Francisco, Calif., offered an exceedingly productive and proactive atmosphere – as vendors and end-users discussed ways to get ahead of the security curve, instead of relying on outdated, legacy or “reactive” security controls.
Altogether, some of the hard-hitting topics security practitioners have been seeing for months – if not longer – certainly reared their heads at RSA. This includes governance, risk management and compliance (GRC), especially as it relates to the May data privacy regulation affecting multinational organizations, GDPR, along with cloud security, user behavior analytics (UBA), Dark Web monitoring, real-time threat intelligence and forensics, and more.
Vendor booths offered everything from DIY demonstrations to step-by-step walk-throughs of security functions, to video games, giveaways and serious “swag.”
Looking past the merchandise, however, these vendors, consultants and agencies set the proverbial bar quite high – instilling various security tenets in those who strolled through, and reminding IT professionals and customers to remain diligent in the ever-changing space – one that sees threat actors growing increasingly bold by the day.
At RSA, both top-tier companies and other market leaders delivered their unique messages – from integrated solutions to Swiss army knife-type tools/dashboards that allow for more security efficacy. Some of the most sought-after booths appeared to be compliance related – with presenters reminding conference-goers that compliance is, of course, a baseline in the enterprise and should be exceeded by more exhaustive measures.
That said, the GDPR acronym was emblazoned on nearly every booth – reminding the thousands in attendance that the regulation becomes enforceable in just over one month.
Here’s a quick-hit guide to this year’s RSA Conference – including chat-worthy trends and discussions:
Countdown to Revamped Compliance
We’ve already said it, but it’s worth repeating – GDPR will likely change the face of data privacy, even in nations outside of the European countries it generally guides. A 4% or €20 million ($24.5 million) fine for organizations that mishandle user data is a sheer force to be reckoned with. RSA presenters underscored this presence, as well as the various solutions that aim to keep companies compliant and highly visible.
A Cloud Journey
Scores of RSA exhibitors reminded attendees that ongoing “digital transformations” include a fully informed shift to cloud computing – public, private, hybrid, multi. Securing all aspects of this space has been a challenge for enterprises, as evidenced by data breaches in the past couple of years. Nonetheless, more awareness built around cloud security tools is driving change – and more comprehensive solutions are hitting the market, poised to enhance cloud activity/security from day one.
Shadow of the Dark Web
RSA exhibitors reminded visitors of the sheer force of the Dark Web – be it for acquiring sensitive data, trafficking, organized crime, “bazaars,” etc. As white hats augment their security capabilities, cyber-criminals fortify their own tactics, penetrating farther into the darkened space. Various vendors offer ways to navigate this clandestine area, and others remind end-users to pay close attention to its sway over the market. All in all, the Dark Web remains just that – pitiless and dreary.
Preserving and Protecting 'Identity' -- With UBA?
As one might expect, the digital “identity” was a top concern at RSA. This includes all aspects of an employee’s (or an administrator’s) online digital profile: multi-factor authentication (MFA) to access accounts, login methods, password rotations, cloud database account access, etc. Identity and Access Management (IAM) remains of paramount importance within the security community, and the RSA Conference helped further define that. What’s more, the concept of a “macro” governance topic was explicated throughout the week. Whereas IAM focuses heavily on the controls around login and access, identity governance focuses on the policy. These products help define identity protocols within the enterprise, as well as streamline audit efforts – especially as IAM relates to compliance.
Another visible topic that circulated from booth to booth at RSA was UBA – and ways to detect anomalous activity. UBA plays a significant role in threat detection (lateral movement, behavior patterns, real-time response controls, etc.) and many new products offer comprehensive dashboards to define and document user activity. Anything that goes against the grain, then, gets flagged and notifications go out to all proper parties – including users, management, security, etc. ESG Global Research Senior Analyst Mark Bowker called UBA a big player in the future of IAM (in CSHub’s upcoming Market Report on the same topic!).
Trust Not! User Connectivity
The “Zero Trust Model” also appeared in RSA conversations. Vendors and end-users discussed the issue of admittance/connectivity to the network, and the idea that even internally, users should not be freely admitted. With insider/lateral movement attacks taking precedence today, administrators must now vet their users before they can enter a protected space. This “Zero Trust” mindset alters a previous tactic that conceded trust to internal users. With the rebranded version, CISOs and the like become more cognizant of the size/scope/direction of attack.
RSA: Post Mortem
In closing, let’s remember just how impactful conferences like RSA can be, as they singlehandedly help define security conversations and drive change. The appearance of industry leaders and prominent voices helps further the security cause – and the expansion of the vendor space allows for sustained growth, competition and more comprehensive solutions. RSA, then, was both helpful and impressive.