Reflections on RSA 2020

By Noam Dror, VP of Sales Engineering 

The Privitar team recently returned from the RSA Conference in San Francisco, one of the foremost information security conferences and expos. There were more than 36,000 attendees, 700+ speakers and 600+ exhibitors gathered at the Moscone Center to explore “the Human Element in cybersecurity,” through keynotes, educational sessions, special events, and conversations.

While the novel coronavirus, COVID-19, was certainly on everyone’s minds (and an abundance of handwashing and hand sanitizer present) the quality of conversations and engagement with attendees remained high.

AI On the Rise
The official theme of this year’s conference was the human element, but it quickly became clear that AI was the hot topic: AI for endpoint solutions (there were more than 120 vendors), AI for SIEM solutions, AI for trendy Zero Trust, and AI for security orchestration and response. AI was explored from all sides. Machine learning and artificial intelligence are going to help security professionals make smarter, faster decisions, and automate more security activities. This, in turn, will help IS leaders with the shortage of information security talent. But leveraging ML and AI requires us to retain more data, and more sensitive data, for longer periods of time.

What is the risk of that data? Maybe that topic will be explored in depth at the next RSA Conference or as a result of the next data lake security breach. Until then, enterprises and vendors will need to look for ways to secure and manage sensitive, private data while still providing ML/AI systems the data utility required to find insights and/or anomalies.

Taking a Zero Trust Approach
The Zero Trust model, which started in the network perimeter space, is becoming more data and identity-centric.  Enterprises must start with high priority, sensitive, and business critical data. To protect that data, solutions need to look at the meta-data around it and understand how it relates to different personas.

We saw many vendors focused on expanding the zero trust model into data and identity centers. The next evolution for zero trust will focus on how to enable a shared model, where consumers/data owners can consent to share and use their data, and security administrators can control who has access to that data and how data will look like for each audience. De-identification needs to take place for each audience to protect data privacy and business critical processes. Zero trust needs to be applied to sensitive data/personal data at the data layer, not the access control layer.

Increased Interest in Data Privacy
RSA Conference 2020 introduced a new “Privacy” track to address the growing data privacy concerns of consumers and governments. The rapid changes within data privacy regulations, and increased public awareness of major data breaches have increased the attention given to this topic. Conversations with attendees made it clear that companies are looking for ways to improve their internal systems and processes to meet the needs of their business while protecting their customers’ sensitive data.

This space is emerging and has multiple solution sets including data discovery and cataloging, consent management, the right to be forgotten, data protection, data breach reporting, and GRC solutions to track compliance. We’re encouraged by this trend, and excited that Privitar is helping businesses with this process.