In this second of a two-part video blog series, my colleague Jon Oltsik and I discuss some of the themes and takeaways from RSA Conference 2017.
Closing the cloud security readiness gap with platforms: Many vendors at RSA were offering cloud security solutions to help organization close the gap between the use of the cloud services within their company and their readiness to secure that use. These solutions spanned the gamut of “from,” “in,” and “to” cloud security with respect to security from the cloud (i.e., security-as-a-service\SECaaS), infrastructure security (workloads, APIs), and cloud app security (i.e., CASB), respectively. Compounding the readiness gap is good old heterogeneity -- most orgs use many cloud apps and multiple IaaS providers. In fact, ESG research reveals that 75% of organizations consuming IaaS services today do so from more than one CSP. These adoption dynamics create the need for cross app and cross cloud coverage which is why major players such as Cisco, Trend Micro, and Symantec are highly focused on the breadth of their cloud security portfolios while cloud security specialists such as CloudPassage, Netskope, Illumio, vArmour, Threat Stack, and others are also helping companies close the gap with offerings that continue to offer both breadth across cloud services and depth of functionality.
Data center architectural shifts as a catalyst for consolidation. Speaking of the cloud, I attended a session delivered by a SVP of cloud security architecture who kicked off his presentation noting that their current use of nearly 140 cybersecurity controls is simply not operationally sustainable. No kidding! He then went on to cite the shift from their legacy and virtualized architectures to the cloud as a catalyst to revisit their set of controls and thus an opportunity to greatly reduce the number of vendors. Like many others, this customer is looking for suites that ride on platforms that consolidate disparate features into tightly integrated modules. This customer requirement was reflected in messaging from the larger cybersecurity vendors offering such platform plays. Stay tuned for research from ESG on the emergence of enterprise class cybersecurity vendors.
These are just a few of my takeaways from RSA Conference 2017 and without much mention of machine learning, the consensus buzz phrase of the show. Nor does blog real estate allow for noting what was shared about the DNC hack at an insider threat summit. It’s never a dull moment at RSA Conference!