March 4, 2020
RSAC 2020: Insights and Reflections
As the flagship cybersecurity, risk, and access management conference of the year, RSA Conference (RSAC) is a valuable space for industry leaders, boutiques, and financial sponsors to come together and consider the eminent challenges and successes in the field. At RSAC 2020, members of the Clearsight team met with industry partners and discussed the latest trends across the cybersecurity, identity, and risk management verticals that will affect the direction of the industry and areas of investment. In this feature, Clearsight Insights (CI) sits down with Director Jim McCabe (JM) to discuss RSAC and what leaders in security, identity and access management are focused on.
CI: Who did you get a chance to connect with at RSAC this year?
JM: We sat down with a broad range of companies and investors to gain perspectives on the market’s view. We spoke with service providers, MSSPs, software vendors, and solution providers, as well as early and later-stage investors. The professionals we spoke with represented firms at every stage of development, giving a broad view of market factors. We gained perspectives from firms that are looking to make acquisitions, and those who are seeking a transaction, either an exit or an infusion of growth capital. Additionally, RSAC draws leaders globally and we spoke to groups from the US, Europe, and Asia.
CI: What trends are cybersecurity and risk professionals most concerned about?
JM: The theme of the conference was the Human Element, and that seems to capture what many groups are focused on – the sense that technology can only get you so far in securing the enterprise and its data, and that security and risk management starts with people. That manifests as a heighted concern with Identity and Access Management (IAM), full-stack vulnerability management, training solutions and increased awareness of risks throughout the enterprise, not simply in the IT organization.
Interestingly, another trend we heard repeatedly was the need for greater automation. Effective automation has the potential to simplify complex security issues for CISOs and other C-suite members and articulate the business impact of security failures. Initially, expanding automation seems to contradict the theme of the Human Element, however, when you consider the need for security analysts to sift through ever-increasing volumes of data, it’s important to separate the signal from the noise and elevate critical information for remediation. Better analytics resulting from the integration of data streams from multiple sources allow CISOs and their teams to make better decisions about risk and vulnerability, and to remediate critical issues more rapidly. Getting to a place where the C-suite better understands the business impact of cyber security is a major trend we’re seeing right now.
CI: How will privacy concerns and solutions evolve in the future?
JM: Everyone has a different take on what the next big trend in cyber and risk management will be. Some hyped technologies are continuing to evolve but likely won’t come to fruition for the next several years. For instance, many see “true” AI as still down the road, but as ML and RPA get better and more powerful, both the threats and potential solutions arise. Alternatively, blockchain, once hyped as the answer to everything, seems not to be on anyone’s lips- but still has plenty of room to impact future technologies. Farther out, startups are beginning to address the potential challenges of quantum computing, which threatens existing public-key infrastructure, by developing cryptography approaches that use QC technology in a defensive posture.
One evolution that seems inevitable, though, is the convergence of data privacy and data security. As new consumer data privacy regulations like CCPA are voted on and implemented at the state level, protecting that data has become crucial. The issue of data privacy and cyber security are not synonymous but are becoming increasingly interconnected through the advancement of technology and increased data privacy awareness among consumers.
CI: What major takeaways did you have from attending RSAC this year?
JM: The resounding takeaway from RSAC this year was the necessity of and desire for simplification. There are a myriad of start-ups, tools, and features all targeting component parts of cybersecurity and risk management. This often leaves CISOs overwhelmed without a clear path forward for the needs of their businesses. The market’s natural recourse will be to meet the C-suite’s demand for clarity and simplification through the emergence of comprehensive cybersecurity and data management solutions, often assembled from best-of-breed products by managed service providers. As mentioned, automation can also go a long way in simplifying the complexities of cybersecurity and risk for C-suite officers. The movement toward simplification is inevitable, how and when the industry gets there is yet to be determined.
Jim McCabe is a Director at Clearsight Advisors, if you would like to discuss RSAC or his work in cybersecurity and risk management, you can contact him at email@example.com