RSA Conference 2016: Day 1

Early discussions on IoT, cloud security, encryption, and industry consolidation

Day 1 of the 2016 RSA Conference.  Vendors are still setting up their booths in the exhibition hall but the sessions have begun in earnest.  Here are a few highlights of what I’ve heard so far:

1.       IoT security.  I’m pleased to see many sessions on IoT security as we need to get ahead of this before it overwhelms us.  The Trusted Computing Group is hosting a morning event on this topic.  Hopefully TCG can deliver some type of technology similar to the host-based Trusted Platform Module (TPM).  This type of technology could serve as a root of trust for IoT device authentication and system integrity.

2.       Cloud security.  The Cloud Security Alliance is also active, hosting its summit meeting today at RSA.  This is always a good event to get educated on the latest trends with cloud and cloud security.  Good thing.  According to ESG research, 46% of organizations claim to have a “problematic shortage” of cybersecurity skills (note: I am an ESG analyst).  And of all cybersecurity skills, 33% of organizations say that their biggest deficiency is in cloud security skills.  Given this, CSA should be busy with cloud security education and certification while vendors in this area (CloudPassage, Illumio, Trend Micro, vArmour, etc.) should see lots of traffic at their booths.

3.       Encryption.  The Apple vs. DOJ (FBI) debate is rampant here but the best statement I’ve heard about this so far was from a friend on the flight to San Francisco when she said, “it’s just like the Clipper Chip debate – Déjà vu, all over again.  I couldn’t agree more and actually said the same thing in a recent blog.  We need to take the politics out of this issue and start an educated public debate on technology, privacy, and national security.  I do expect to hear more encryption news this week – especially about things like key management, PKI, and multi-factor authentication. 

4.       Industry consolidation.  Just as RSA is kicking off, we learned that IBM acquired integrated cybersecurity orchestration platform (ICOP) vendor Reslient Systems.  I’ve written a lot about the ICOPs space – with the global shortage of cybersecurity talent, CISOs have no choice but to bolster the productivity, efficiency, and effectiveness of the existing staff.  This makes the ICOPs space red hot.  Aside from IBM/Resilient, FireEye grabbed Invotas, while ServiceNow and Phantom Cyber just made big announcements.  It’s also pretty clear that Cisco and IBM are aggressively pushing for enterprise security leadership.  I’m sure we’ll hear about some other acquisitions in cloud security, data security, endpoint security, and security analytics over the next few days.

As I write this, RSA really hasn’t even started but the buzz in San Francisco is palpable.  More all week.

Copyright © 2016 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)