Thoughts on the 2019 RSA Conference

So, the 2019 RSA Conference, which wrapped up on March 8, was an event to remember. As we predicted in a post before the event, many new entrants to the growing cybersecurity field participated this year, and we were excited to learn more about what partners and competitors are offering. The exhibition hall had more booths than ever, with larger exhibitions showcased in the main hall.

But, what was especially fascinating for us was the persistence of the cybersecurity professionals who were looking for something truly new and different. These intrepid attendees strolled past the bigger and flashier booths to the outskirts, where the startups were located. At the AppGuard booth, we enjoyed the opportunity to interact with these cybersecurity professionals in person.

We learned a lot during our conversations with CISOs and security experts in a variety of other roles, and also from our own observations of the exhibits and learning opportunities at the conference. Here are some takeaways and impressions from the 2019 RSA Conference:

  • Less blockchain, more zero trust. The term “blockchain” wasn’t being thrown around as much at this year’s conference, and that’s a good thing. Blockchain is a valuable substrate for cybersecurity efforts, and maybe less hype about it being a standalone cure-all means more developers are getting serious about applying it effectively.

    We also noted that “zero trust” seems to be replacing “blockchain” as a buzzword, and that merits a note of caution. Of course, “zero trust” is a meaningful term that we use ourselves — AppGuard is built around a truly substantial and groundbreaking variation of the zero trust concept. But we hope its meaning won’t be watered down by use in marketing hype.

  • Compromised containers and Kubernetes? Cloud technology lifted the infrastructure burden from millions of companies, and businesses worldwide rely on vetted, trustworthy cloud providers that integrate newer technologies into their solutions, including containers and Kubernetes. But what happens if these technologies are compromised?

    That question was likely on the minds of many CISOs attending the 2019 RSA Conference. A breach of the cloud infrastructure could be catastrophic, which is why there were presentations addressing that possibility at the conference, including “Kubernetes Runtime Security: What Happens if a Container Goes Bad?” from Google. Still, the prospect of compromise is a grave threat that probably keeps many CISOs up nights. Awareness is a positive development.

  • Data as eye candy. Another thing we noticed was how large a role data visualization plays in so many cybersecurity solutions. We love data too, but in some cases, it seems like developers get so caught up in producing eye-catching visualizations that they lose sight of the purpose of those graphics — to convey meaningful data in an understandable way.

    Data visualization shouldn’t just be eye candy. Imagine a local transportation department with expensive software that provides colorful graphics depicting the number of vehicles that run off the road and roll down a ravine at a certain point on a highway. I’m sure we can all agree that a simple concrete and steel guardrail by the road would be a better investment.

  • CISOs unable to quantify the value of cybersecurity investments. This isn’t a new development, but it remains a constant source of frustration for CISOs, including some we met at the RSA Conference. The number of data breaches is rising even as “detect and respond” solutions proliferate and become more complex and labor intensive to manage.

    Reactive cybersecurity solutions are creating an unsustainable status quo that requires organizations to keep throwing money and bodies at a problem that grows regardless of their efforts and investments. Maybe that’s why so many RSA attendees were excited about a proactive, preventive approach like AppGuard’s.

In our pre-RSA Conference blog post, we also predicted that patch management would be a popular topic at the event, and that proved accurate. Visitors to our booth were surprised and delighted to learn that a proactive endpoint protection strategy could help them handle this issue. Stay tuned for a blog post that addresses that topic in more detail.