The main objective for IT security professionals today is to find new ways to improve security, without hindering business processes, at a time when cyberthreats and data breaches are on the rise.
More than 42,500 business and IT professionals descended upon the RSA Conference this month with that goal in mind. Here’s a quick look at the three major themes that stood out and resonated with conference attendees:
Trust no one
Least trust. Zero trust. No trust? The concept of trust was all over RSA this year, with many vendors conveying some type of zero trust or least trust messaging.
The idea behind these notions is that there should be limited trust between users, cloud vendors, security systems, and networks. Systems built on least trust help ensure that if a breach occurs, it will be less likely to spread across the user’s IT environment. A key component of these strategies is the idea of least privilege, which means that users should only have access to the systems they need to do their jobs. By limiting access, organizations mitigate the chances of a catastrophic data breach.
Big data meets AI
The process of gaining valuable business insights from big data can be complex and time consuming, but artificial intelligence (AI) and machine learning (ML) technologies can help. Several software vendors were on the conference floor demonstrating security systems that use AI and ML to help organizations make sense of information from various data sources such as threat intelligence feeds, security logs, internet intelligence, and network performance data.
For example, one vendor demonstrated a security information and event management system that pulls data from an organization’s network edge into a data lake and analyzes then uses ML to analyze and diagnose security problems.
ML and AI are clearly the latest buzzwords in security technology—and if these systems are any indication, big data analysis is going to play a major role in ensuring security in the future. The vendors that succeed in this area will be those that best explain the value of these technologies and how their products differ from those of competitors.
Too much security?
There were a large number of software vendors making security pitches, even though they are not known for being focused on security. If I didn’t know better, I might have had a difficult time discerning which companies were security companies, and which were not. As the security market becomes more confusing and oversaturated, it’s important for IT professionals to do their research and find out which vendors truly are focused on security — and have the customers to back it up.
When the market gets too crowded, it becomes difficult for customers to understand where and how to research and find the security systems that meet their specific requirements. I think the world is heading toward a period of consolidation in the security market, with large software vendors scooping up smaller ones in an effort to create a one-stop security shop. That might be good news for users, because it will reduce the need to stitch together multiple solutions from various vendors.
RSA was a fascinating show with lots of useful information about everything from winning security strategies to cutting-edge security solutions. It’s clear that the future of security will feature organizations turning to solutions that make use of AI, ML and big data. I’m looking forward to seeing how these trends play out at next year’s RSA Conference.