ESG's Doug Cahill and Jon Oltsik discuss the topics to be covered at ESG's upcoming RSA breakfast, and research being done in 2020.
Doug: Hello again. And thanks for joining us for our next episode of Cyber Security Talk. I'm Doug Cahill. I'm here with my colleague, Jon Oltsik.
Jon: Hello, Doug.
Doug: Hey, Jon.
Jon: Nice to be here.
Doug: Hey, so RSA also means our second annual ESG RSA breakfast. A lot of fun last year. Looking forward to seeing a lot of friends.
Jon: Yeah. At the W Hotel on Thursday.
Doug: W on Thursday morning. Absolutely. And we have a team of five cyber security analysts now so we're going to be covering a lot of ground. I've got a list here of some of the topics we're going to be covering. You're going to be kicking things off with cloud scale security analytics, a study you did this year.
Jon: Yes, I am. So, I've been writing about SOAPA now for four years, and when I first thought of it, I thought about a distributed software architecture. Really didn't consider the cloud. As of 2020, it's migrating to the cloud. It has to be hybrid but a lot of the infrastructure, a lot of the analytics and the horsepower behind the analytics all go into the cloud.
Doug: You bet. Then our colleague, John Grady, is going to be talking about the emergence of Elastic Cloud Gateway, so convergence of DLP, CASB, SWG, and more, including SVP.
Jon: And way more.
Doug: Cloud delivered network security services really is the way to think about that. So, he's got some great thoughts there and some research that's coming up. And then Christina is going to be talking about...
Jon: Professional services, which again, there's this global cyber security skill shortage. We can't do it all ourselves. What can we do? Hire experts to help us, professional services, managed services. Christina is all over that like a cheap suit.
Doug: Yeah. You bet. She's specifically going to talk about incident response readiness and realities, so very interesting insights there. And then our colleague Dave Gruber is going to talk about securing the end user perimeter, so taking a look at endpoint security and email security.
Jon: And we know identity is one of the new perimeters so understanding what the user is doing is very important.
Jon: And what are you going to talk about, Doug?
Doug: Big surprise. I'm going to talk about secure DevOps initiatives.
Jon: Are you?
Doug: Shocking. But you know what? I'm going to ground that in pretty relevant research that really talks about specific use cases because I feel like, okay, DevSecOps is sort of a nebulous term.
What does it mean? What really matters is how organizations implement and secure DevOps practices. So, I'm going to be... I'm going to get specific on use cases.
Jon: Good. Well, I think that's sound advice. Our research tells us what's going on. And it's progressing.
Doug: You bet. That's sort of looking at a little bit of rear view mirror, some of the research we conducted in 2019. Moving forward in 2020, we have a rich research calendar. I know you're taking a fresh look at SOAPA again in 2020. One of the topics we're looking at here where we've gotten a lot of interest is security in the boardroom. Give me a thumbnail on what that's about and why do you think we're getting so much interest in that particular study.
Jon: I am so looking forward to doing that project, collaborating with Christina Richmond, because there's this services aspect to it. We have paid a lot of attention to the threat side and less attention to the vulnerability side of security. And when I say that, I don't mean software vulnerability. I mean, the vulnerability of my business processes, the vulnerability of my people, the vulnerability of my critical assets including my data.
Looking comprehensively at those things, the board wants to know, executives want to know. Our ability in the past to tell them how vulnerable we were and monitor that on a minute-by-minute basis was pretty poor. And so, that's what we'll be looking at is that transition to kind of real-time risk management or data-driven risk management.
Doug: And what's the vernacular on how the CISO speaks with the audit committee and the board around understanding what risk is and how you measure it?
Jon: That's right. That's changing. And we do have the benefits of some of the tools that we're using, big data applications analytics. So, there's a lot of innovation. There'll be a lot of money made, a lot of money lost. People cry, people happy. That stuff.
Doug: Front and center topic.
Doug: Awesome. We have a lot more to talk about and we look forward to sharing more about our research calendar with all of you when we see you at our... well, at our breakfast or somewhere around RSA in the Moscone Center in a couple of weeks.
Jon: See you at RSA. ♪ I left my heart in San Francisco. ♪