As security vendors and professionals from across the globe gear up for attending next week’s RSA 2018 security conference, I wanted to give my perspective on what everyone should expect and how to get the most out of the conference.
The 2017 conference set a record with over 43,000 attendees, and I would expect that we could see close to 50,000 this year’s RSAC as security remains an important topic to every digital business.
Every year there are a few common themes from multiple vendors and the top marketing terms that I predict we will see include the following:
- AI/ML – First, please don’t conflate the two terms. Machine Learning is a simple way of achieving Artificial Intelligence. Building proper ML models to power AI solutions typically requires a fair amount of data to ‘train’ the model. Make sure that the vendors who are touting these solutions can articulate how their offering truly delivers those capabilities.
- Blockchain – Often confused with Bitcoin, or at least tightly coupled with it, blockchain technology is a decentralized, distributed ledger that records transactions using cryptography in an chronological, immutable manner. It is still early days for leveraging blockchain, especially in high-transaction environments, so once again, make sure that the vendor can speak to these potential issues.
- IoT Security – My personal hope is that we see much stronger regulations around IoT security, or lack thereof, very soon now. There should be ramifications for shipping any Internet-connected device with default credentials such as ‘admin:admin’ and vendors need to also start implementing strong Authorization (in addition to Authentication).
- GRC – There needs to be new ways of addressing Governance, Risk and Compliance. Risk, which has typically been viewed as static, is truly elastic in today’s high-velocity Cloud and Mobile world. Traditional approaches won’t be, and haven’t been, effective so hopefully we’ll see innovative platforms instead of ‘next-gen’ products.
- DevSecOps – This term has certainly seen a significant uptick in Marketing approaches, and we at Cybric have been huge proponents of it since Day 1. The key thing to remember is that it’s a cultural approach where security teams are a collaborative part of the software development life cycle. There is no magic product that can ‘Do DevSecOps’.
I hope that everyone enjoys your time at RSA and comes away with actionable approaches and solutions to start moving the security needle in a positive direction. Our CYBRIC CEO Ernesto DiGiambattista and I will both be there, as well as other members of our team, and we’d love to connect. I’ll be speaking at DevOps Connect: DevSecOps Day on Monday and we’re co-hosting events Tuesday and Wednesday nights.