RSA 2020: Five Cybersecurity Takeaways
By Tomy Han
Despite fears of COVID-19, RSA 2020 was as crowded as ever, attracting 36,000 attendees, 704 speakers, and 658 exhibitors, attesting to the sector’s growth and its expanding mindshare for enterprises and consumers alike.
Cybersecurity has been an important sector of focus for Volition Capital over the last decade. Members of our team have been fortunate enough to work with market-leading companies including Black Duck, Ping Identity, and Verid, as well as current portfolio company Securonix, which was recently recognized as a leader in Gartner’s MQ for Security Information and Event Management (SIEM).
Every February, the Volition team attends the RSA Conference to meet with founders of the most promising security companies and understand how the landscape is evolving. Over the years, as we meet with industry thought leaders and walk the halls of RSA, our views have been shaped by a number of recurring macro-themes, including:
- The challenges around the continued adoption of cloud + hybrid environments
- The industry-wide shortage of security professionals
- Alert fatigue and overload, overwhelming security teams and slowing response times
We believe these themes are not going away any time soon, and we have anchored our views around them. And, like every year, we noted themes that are emerging or being transformed by a new wave of innovation and disruption. Below are our observations from this year’s conference:
Vulnerability Management is Evolving
For some time, incumbent vendors such as Rapid7 and Qualys have dominated the vulnerability management arena. However, there is an emerging generation of vendors that are trying to disrupt or enhance the space, whether by prioritizing vulnerabilities within a sea of alerts, reimagining the cost structure and delivery model of vulnerability assessment services, or guiding security teams with optimal ways to remediate vulnerabilities.
Third-Party Risk Management is Top of Mind
Many high-profile cyberattacks have been a result of poor security practices by suppliers and third parties, not the enterprises themselves. In fact, the number of records exposed by third-party breaches has skyrocketed by 284% since 2018. This acknowledgment, coupled with a wave of frameworks and regulations to help remediate malpractices, has made third-party risk management top of mind for security teams in 2020.
Shifting Security to the Left
Enterprises are creating new applications and modifying them at faster rates than ever, and integrating security early into the development cycle is becoming key. While this is much more than simply introducing a new set of tools as it requires a cultural shift throughout the organization, it is nonetheless a movement that is creating an opportunity for software vendors that can help with or enable this transition. This shifting of security to the left, or “DevSecOps,” as it’s sometimes labeled, will be an impactful trend to continue monitoring.
The number of companies at this year’s RSA conference with zero trust solutions grew by over 50% when compared to 2019’s conference. As the number of devices, cloud-based applications, and digital identities continues to increase, the perimeter of an enterprise is eroding, and Zero Trust models are solidifying. Zero trust requires the orchestration of a portfolio of technologies, and advanced solutions around endpoint management, identity verification, and secure access continue to be top of mind.
Response and Orchestration Are Key
Vendors helping protect enterprises at every attack surface have expanded their roadmaps to help automate the response to threats and breaches. Whether it’s a dedicated platform or an extension of existing solutions, automation of response and orchestration has helped cut down response times and streamline operations of security teams. They will be a key fixture of the security landscape going forward.
The attack surface of enterprises is increasing as the number of devices continues to increase, cloud adoption grows, and the web of connectivity with third parties expands. Security teams are having to re-design and adapt their security frameworks in response, from employee security training all the way to breach response. With the coronavirus forcing employees of many enterprises to work from home and third-party business to be conducted virtually, this may be a pivotal moment that tests an enterprise’s readiness in handling a true Zero Trust framework. No crisis should go to waste, and this may be an opportunity for enterprises to refine and accelerate their security roadmaps in an ever-changing environment.