It was great to be back at the RSA Conference in San Francisco this month. For many, it was the first in-person conference since RSA 2020. Attendance at 26,000 was down from 2020’s 36,000, with some vendors and attendees unable to attend due to COVID-19.
But the smaller numbers and freed-up floor space in the exhibition hall meant less crowded hallways and seating areas. Having some free space in the exhibition hall was a nice change from the crowded fair of previous years. Those of us who attended regularly were happy to meet again in person.
Many have asked me about my top RSA takeaways this year. Here are the top themes I’ve seen in my areas of cloud security and application security.
Transform: Customize security for digital transformation
With its theme of “Transformation,” this year’s RSA conference reflected how companies have been dealing with the pandemic and a largely remote workforce over the past two years. Every company in every industry had to be a software company to survive. We’ve seen brick and mortar businesses come online. And for many companies, survival depended on digital transformation using cloud services.
Using cloud services helps companies take advantage of a cloud service provider that takes care of hardware, physical infrastructure, and maintenance. It makes it easier for developers to provide software to customers. But increasing productivity and being able to serve more customers online makes security more important than ever.
This transformation causes a lot of discussion. Cybersecurity leaders face the challenge of enabling digital transformation—but they need to transform their programs to protect the applications they deliver over the cloud.
Enterprise Strategy Group (ESG) cloud-native security maturity research has shown that a majority (88%) of organizations believe they need to evolve their security programs to secure their cloud-native applications. It also revealed that most organizations (88%) suffered from security incidents that had serious consequences, including data loss, compromised service-level agreements, the introduction of malware, and the need to pay fines for compliance violations.
Enterprises are under pressure to find better options to help them manage security and risk as they move their applications to the cloud. Having worked on the vendor side for many years, I see this as an opportunity to develop security products that help security teams enable, not block, transformation. Nobody wants security to become a bottleneck.
Security products should help increase efficiency throughout the software development lifecycle by using automation or correlating data to reduce the manual work required of development and security teams. Goals should include reducing the number of coding errors deployed to the cloud and responding quickly to issues when the application is running.
Scale security while facing a lack of cybersecurity skills
Speaking of increasing efficiency, a major challenge for cloud-native security is scaling security as development teams grow. ESG research on the life and times of cybersecurity professionals reported the biggest skills shortages in cloud computing security (39%), followed by security analysis and research (30%) and application security (30%).
The study also reported on the impact of skills shortages, with 62% of respondents saying they are struggling with an increasing workload on existing staff. Meanwhile, 38% said new security jobs remain open for weeks or months, and 38% reported high burnout or high turnover among security staff.
This creates a demand for security products that can automate key processes or save employees time on tedious, manual processes. Look for products that help security teams with their jobs. Ideally, teams see fewer security issues, and automation or help prioritizing what needs to be done helps mitigate risk.
Another key issue is the consolidation of tools. My colleague Jon Oltsik, ESG Senior Principal Analyst, presented new research from ESG and the Information Systems Security Association (ISSA) showing that companies are moving towards product integration and multi-product security.
One of the biggest challenges is the burden of managing products or tools separately. It’s difficult to get a complete picture of security status when so many different security technologies are in use. Businesses just don’t want to keep adding separate, siloed tools. They prefer a consolidated approach, ideally with a platform or integrations that bring data together to provide context and streamline required actions. There’s a big move away from any tool that adds more alerts as companies look to streamline their approach.
All in all, it was a wonderful conference that brought people together for meaningful and productive conversations. It’s always great to meet with security practitioners and leaders to learn about their biggest challenges and how they’re tackling them.
It’s exciting to cover this area to see how we are evolving security to leverage cloud infrastructure and development practices. Instead of being overwhelmed with the complexities of securing assets in the cloud, we can leverage modern processes to better integrate security.
ESG is a division of TechTarget.