S&P Global Offerings
Featured Topics
Featured Products
Events
S&P Global Offerings
Featured Topics
Featured Products
Events
S&P Global Offerings
Featured Topics
Featured Products
Events
S&P Global Offerings
Featured Topics
Featured Products
Events
Corporations
Financial Institutions
Banking & Capital Markets
Economy & Finance
Energy Transition & Sustainability
Technology & Innovation
Podcasts & Newsletters
Corporations
Financial Institutions
Banking & Capital Markets
Economy & Finance
Energy Transition & Sustainability
Technology & Innovation
Podcasts & Newsletters
Blog — 28 Jun, 2022
Highlights
After a four-month postponement, the first in-person RSA Conference since 2020 wasn't fully able to escape the pandemic's shadow. Even so, attendees welcomed the opportunity to gather face-to-face at last, but were met with a puzzling lull in apparent innovation, while those unable to attend in person sustained a disappointing "digital experience."
Introdution
The RSA Conference (RSAC) is one of the premier events in the cybersecurity vendor community – a combination trade show, reunion for industry participants, learning venue and showcase for one of the most active fields of emerging technology. After a digital-only version in 2021, this year's edition was the first in-person RSAC since the 2020 event, which took place only days before the World Health Organization declared COVID-19 a pandemic, but this year's gathering wasn't free of that shadow.
The Take
The first in-person RSAC in two years was eagerly anticipated. The highly social cybersecurity community always embraces the opportunity to network, enhance tradecraft and learn about new developments in security technology. Our data indicates that security spending is likely to remain strong, with 94% of respondents to our recent Voice of the Enterprise: Information Security, Budgets & Outlook study indicating that they will increase their security spending, at an average increase of 26% over 2021. This remains consistent with the 27% increase reported in 2021.
Health concerns likely dampened RSAC attendance, which came in at only 60% of the record number set in 2017. For those unable to attend, the so-called "digital experience" fell short, not even delivering a standard for content familiar from pre-pandemic RSACs. Nor did innovation seem as robust this year. Despite record M&A investment and emerging concerns such as threat detection and the nascent field of protecting cloud applications, a technology similar to long-established precedent offerings won the RSAC's Innovation Sandbox competition.
Context
At the last in-person RSAC in 2020, there was not yet the mass defection away from in-person events that soon followed, although major vendors, such as IBM Corp., pulled their 2020 participation completely as the virus began to spread more widely. Even so, RSAC 2020 saw conference attendance of 36,000, but that was down from the 40,000-plus high-water mark of the 2016-2019 era.
RSAC 2022 was significantly less well attended. At 26,000, attendance was 72% of 2020 and only 60% of 2017. The number of exhibitors fell similarly: The 400 at RSA 2022 were only 61% of the 658 at RSAC 2020. The number of speakers was not as severely affected, with the 600 presenters at RSAC 2022 at 85% of the 2020 slate – but the 350 sessions offered were only two-thirds the number of those given at RSAC 2020.
COVID-19 concerns continue to weigh on participation, with attendee attitudes varying from maximum prevention, including masking (vaccination or testing was required of attendees), to behavior that would seem to shout, "COVID's in the rear-view mirror!" The biggest question for all such events, however, is whether the risk of exposure at major in-person conferences would affect future participation. In an informal Twitter poll conducted by user and security researcher @RayRedacted, 22.3% of the 1,164 voluntary respondents, all of whom reported attending RSAC, said they had gotten COVID-19 at the conference as of June 15. Another 41.2% said they were "unsure." This is far from a scientific sampling, but many post-conference discussions have already surfaced concerns about future events.
For those who stayed away but still wanted to participate, RSAC offered a "digital experience," but it was far inferior to the 2021 all-virtual conference, which turned major venues such as the Innovation Sandbox competition into a highly accessible event streamed live online. The streaming aspect was a continuation of RSAC practice in previous years. This year, however, the on-demand recording of the Innovation Sandbox competition could only be viewed after the fact. The intent was to deliver the benefit of the in-person experience – the lifeblood of such events – for those making the effort to attend, but the upshot was to make digital participants into second-class attendees – and that sent a message to those who couldn't attend, whatever the reason. Teams with some members on-site and some streaming could not discuss sessions in real time, a use case inherent with those who are at higher risk for poor outcomes with COVID-19 or who live with someone who is. Whether intended or not, the message was the opposite of accessibility and inclusion, and not likely to be forgotten by the many who rely on digital interaction – particularly if circumstances force future events to be more hybrid or virtual than they are aspiring to be in 2022.
Prevalent themes
The RSA Conference was characterized by a number of themes throughout the event. Among those that stood out for our analysts:
Innovation Sandbox
RSAC's Innovation Sandbox competition continues to serve as a bellwether of startup activity and the sensitivity of the judging panel to the value of emerging approaches. This year, however, the judges' take on "innovation" was a bit of a head-scratcher, given that the winner offered a variation on something that has been in the market for some time.
The 10 vendors named as finalists were: Araali Networks, a provider of technology for detecting and blocking threats to cloud-native environments; BastionZero, which offers zero-trust remote access to cloud-native infrastructure for management teams; Cado Security, which offers incident investigation, forensic and response tools for cloud-native environments; Cycode in software supply chain security; Dasera and its data governance platform; Lightspin's graph-based analytics for attack path exposure in cloud-native environments; Neosec's technology for mitigating API exposures and threats; Sevco and its focus on comprehensive asset inventory; Talon Cyber Security's secure enterprise browser; and Torq's no-code security process automation system.
Given that at least half the nominees target aspects of the emerging field of threat detection and mitigation for cloud-native applications and environments, it was surprising that Talon won the event, with a technology that represents a variant on securing the browser that has been broadly evident in the market for years. This, however, may speak to an ongoing need that the judges see as still not yet completely addressed. The points at which technology interacts with people remain a high concern to organizations in many ways. Browser use and the exploitation of the browser fall within this domain, and despite the long-standing presence of vendors in fields such as browser isolation, the Innovation Sandbox panel apparently still sees the need to secure this environment as preeminent. This is not the first time judges have opted for solutions to what they see as some of security's less glamourous but more enduring problems. It is still surprising, given existing options in this space, when compared with startups taking on opportunities in more nascent, still-emerging fields.
What next?
With RSAC 2022 now in the rear-view mirror, vendors, participants and organizers now look forward to a compressed security industry conference schedule, with several vendor events and InfoSec Europe following immediately on RSAC's heels, and the industry's "summer camp" of the events surrounding Black Hat and DEF CON only weeks away. Will participation at these events be similarly affected? Will innovation be more apparent as conferences overcome the initial adjustments in the wake of COVID-19? We will be watching these upcoming conferences closely for evidence of what such gatherings may become.