ESG's Mark Peters, Christina Richmond, Jon Oltsik, Kevin Rhone, Dave Gruber, and Doug Cahill discuss highlights from RSA Conference 2019, held in San Francisco.
Read the related ESG Blog: Was ‘Better’ Cybersecurity the Promise or the Premise at RSA 2019?
Announcer: The following is an ESG On Location video.
Mark: Welcome to the RSA Conference 2019. There are so many of my colleagues here that really I'm not going to take more than a second to introduce what they're going to talk about.
Really, they're going to play off the theme of better, which was the theme for this year's conference. Now, when it comes to security, you could argue that better is not the most encouraging thing from a good, better, best perspective. But clearly, security is absolutely one of those places where you want to make progress. I asked each of them, what is the area of most progress or most significant thing that they've seen this week.
Christina: One of the things that I noticed at RSA is that the theme here is better. And what that means to me with security is, you know, how is security better or how is RSA better? I actually think that making security better means being better prepared. So a lot of the conversations I've had this week have been about, how do we prepare our organizations for what is now known to be inevitable which is the breach?
So do we have a plan? Do we have a playbook? Are we practicing that playbook? Do we know who the key people in the organization are? And do we have that preparedness as muscle memory?
Jon: I'm here at RSA 2019 and it's the last day, but a few takeaways. One is tremendous announcements kind of that are shaking the industry with new types of scale, use of cloud, SAS applications, use of machine learning, things that we've been anticipating, but they're happening now. The second thing is just a tremendous amount of people and vendors.
And the reason for that is that every layer of the cybersecurity stack is in play. So users want to understand the technology, and, of course, vendors want to sell it. And, finally, market education. So we're here at the ESG event where we try to educate the market, but there's transitions in place and so everyone's got to work as a community to educate the cybersecurity professionals so that they know how to protect their critical investments, how to protect their businesses in this changing environment.
Kevin: Probably the most significant thing that I've seen at the RSA this year is the emergence of the importance of managed services and, specifically, managed security services. It manifests itself on the vendor side from their knowledge and understanding that this is the preferred way that their customers want to consume their technology.
And on the partner side, it's becoming important for the best partners out there to include managed services in their business portfolio, and as a way of satisfying their customers' needs. What this means for the vendors is that not only do they need to develop a product suite that is offerable in that consumption model but also that they need to have programs and support in place to attract, and retain, and motivate those partners that are capable of making that move.
Dave: So great to be here at RSA 2019. Today's day four, I've had a chance to speak with so many of the endpoint vendors. Some common themes that endpoint vendors are talking about, single agent or actually the majority of the major endpoint players all have or are about to have single agent solutions, bringing prevention detection and response together. Very, very common theme, and I'm seeing along the way platforms. Everybody has a platform, everybody's building a platform, everybody is pulling the pieces together to make it easier for security teams to have less complexity in their environments. The challenge this presents to us all is a noise level. If every vendor has a platform, if every vendor has a single agent, if every vendor has prevention detection and response, now what for the buyer?
How do we differentiate? How do we set ourselves apart from one another? Exciting times in endpoint, there's a ton of players that are involved. It's going to be very exciting to see, as we go into 2019, some of the strengths of differentiation that each of the vendors bring into play. Could it be mobile? Could it be IoT devices? Could it be extensions into adjacent markets? Very excited to see.
Doug: As organizations close the gap between the degree to which they've already adopted cloud services and their ability to secure those services, it's really more about process and approach than it is technology. And that's why I was very encouraging at this year's RSA Conference 2019 that there was a full day dedicated to DevSecOps, the notion of integrating security into the continuous integration and continuous delivery pipeline that is the modern way on how software applications are both built and delivered into production environments.
CISO and security practitioners into work with the line of business. The Scrum Teams at the AppDev teams have meeting every day on how they're pushing new code into production to integrate security in a pragmatic way in terms of processing controls to mitigate the risks associated with an increasing number of workloads that are moving to public cloud platforms.