The 2023 RSA Conference is fast approaching. This will be the second year of in-person attendance after the pandemic-induced interruption, and several our information security analysts will be at the conference in San Francisco later this month.

For our analyst team, the conference week presents an opportunity for dozens of scheduled and hundreds of ad hoc face-to-face discussions, something that’s difficult to replicate outside of a major security conference. Fortunately, talk tracks on demand — a pandemic holdover — remain this year because they allow us to catch up on what we might otherwise miss while meeting with vendors. There is little that replaces the in-person aspects of conferencing; in the words of one of the practitioner members of the 451 Alliance:

“[At a conference] sometimes magic happens for me when you go to lunch or breakfast with all the other customers and you're sitting in this giant room…You start benchmarking. How do you do this? What are you doing about that? And you hit pure gold sometimes. And sometimes, those end up being relationships where you exchange ideas on an ongoing basis after that.” – IT/engineering manager/staff, 100,000+ employees, $10 billion+ revenue, food and beverage

The innovation sandbox, another RSA Conference staple, allows newer security vendors to compete by presenting their product pitches to a panel of judges. These products are bellwethers because they reflect early-stage solutions to emerging, difficult-to-solve problems in the security space, such as: extending access to third parties, prioritizing fixes to infrastructure as code, identifying key open-source risk, API security, automated data asset inventory, third-party diligence enablement, SaaS security, and the emergence of tools to securely leverage AI techniques.

Based on their individual coverage and emerging trends, our information security analysts have noted particular interest in the following topics:

• “We’ve been tracking trends such as the increased impact of the cyber insurance opportunity in security technology and services markets. But when it comes to a key topic for RSA, there’s no question that AI is on everyone’s mind — including security practitioners. In security operations, for example, AI offers huge potential as an enabler for human expertise, realizing more actionable findings in a mass of data and automation far beyond what’s available now. The paradox is that its risks are still not yet well understood, and we’re already starting to see incidents. Given the disruption that large-model AI is likely to introduce, this could be a major focus, not just for cybersecurity, but for a wide range of risks, for years to come.” – Scott Crawford
• “In the post-covid in-person customer meetings I’ve had, vertical-market specialization is essential to stand out and be relevant to technology buyers. I’m interested in learning more about how vertical-specific themes like securing the energy grid, enabling supply chain resiliency and protecting financial data appear at RSA this year. RSA will undoubtedly have a significant number of industry participants and vendors, and I look forward to seeing how they stand out from the crowd.” – Maria Cornett Bertram
• “As an industry, we constantly lament the continued reliance on passwords, and rightly so. Yet passwords are still nearly ubiquitous, and just 61% of organizations use MFA in some form, below other security tools like firewalls, SIEM and email security. One reason is that the trade-off between usability and security persists – the most deployed authentication factors (mobile push, SMS) are the least secure, and vice-versa. Recent efforts around passwordless MFA are looking to overcome this trade-off and combine greater security with a positive user experience, and we expect to hear more about new innovations in MFA at RSA.” – Garrett Bekker
• “Like quantum superposition, cybersecurity seemingly exists in two states at once: an urgency to respond to immediate threats and requirements, but also a more strategic mindset to address long-term uncertainty and societal challenges. Data privacy is no exception in this regard, and some of the key themes I will be exploring at RSA are how organizations are aligning their mandated privacy responsibilities with aspirational objectives to maximize business performance, customer engagement and even human quality of life.” – Paige Bartley
• “Wading into the sea of security technologies that is RSA, I’ll be looking to seine out the network security details to understand where the promise could truly play out. Maybe Eric Idle’s keynote theme, “Stronger Together,” will better characterize the blending of generative AI and the streams of telemetry that we’ve been struggling to put to work. Last year’s SASE crests have moderated to swells of deployment, but there’s still a lot of open ocean left to cover.” – Eric Hanselman
• “With the “Stronger Together” theme, I’ll be looking for data security trends that are better at understanding the environments where they operate. Data security solutions must work at both scale and speed, with the speed of integration to applications, users, clouds and systems paramount. I’ll also be looking for how data security vendors can better support their customers’ multicloud journeys, especially with digital sovereignty initiatives emerging in Europe and beyond.” – Justin Lam
• “In application security, there’s rarely a week that goes by when I’m not asked about software bills of material, some aspect of software supply chain security, or the latest in API security. Emerging “shift-right” protections are going beyond prior offerings such as WAFs and RASP solutions, and with a slew of application security testing tools in play in many enterprises, the larger questions have to do with maintaining developer experience and remediation prioritization.” – Daniel Kennedy
  
  

The team looks forward to seeing you in San Francisco.