Since 1995, an annual spring pilgrimage to San Francisco for RSA Conference has become a meaningful tradition for tens of thousands of cybersecurity professionals. With innovative cybersecurity strategies to discuss, technology investments to make, and reunions to attend with friends and colleagues, the conference has become a mainstay on security professionals’ calendars worldwide. Unfortunately, the weeks leading up to this year’s conference were fraught with news of COVID-19 (coronavirus) related vendor and attendee cancellations.
Heading into the conference, we at Ping Identity were worried that so many of the powerful identity security conversations we always have simply wouldn’t take place this year. Boy, were we wrong! Despite approximately 15% fewer attendees than in 2019, the conference was filled with impactful conversation with those seeking to transform the way they provide access to customers, employees and partners.
RSA Conference 2020: The Human Element This year, conference organizers chose a close-to-home theme for security teams of every type: the human element. The RSA conference website dedicates a section to explaining this theme, the impact of which was most salient in its final line:
“When we recognize that cybersecurity is, fundamentally, about people protecting people, the world becomes a better, more secure place.”
In alignment with this mission, security leaders have taken broad ownership of two conflicting human elements within their domain:
Security administrators, who implement controls to make their organizations safer
Non-security end users, who often incidentally make their organizations less safe
This year’s conference keynotes, sessions and expo hall were filled with strategies and ideas on how to address the human elements of cybersecurity. In this blog, I’ll provide a brief summary of the larger themes at this year’s conference. In each section, you can find links to sessions, most of which contain video recordings of the sessions themselves.
The Human Element: Identity As the foundation of seamless and secure access for customers, employees and partners, identity was once again in the spotlight at RSA Conference. Discussion topics ranged from implementing identity basics like SSO and MFA to the vulnerabilities of those same technologies based on how they’re implemented, configured and deployed. Beyond the basics, leveraging identity to implement Zero Trust broadly, securing all of an organization's resources from legacy web applications to modern mobile apps and APIs, was a common thread at the show. Finally, the techniques of using analytics, artificial intelligence and machine learning to enable identity intelligence were also popular themes this year.
The Human Element: Privacy The General Data Protection Regulation (GDPR) went live almost two years ago, kicking off a worldwide movement for consumer data privacy and security. The global barrage of regulations, from the California Consumer Privacy Act (CCPA) to Australia’s Consumer Data Right (CDR), has prompted a wave of strategies on how to comply with regulatory requirements as well as how to differentiate on privacy. Privacy coverage in this year’s conference sessions ranged from how compliance teams can navigate the multi-state web of regulations in the U.S. to what customers really want from organizations they interact with online.
The Human Element: Security What is RSAC if not a security conference? While education on preventing highly sophisticated cyberattacks from nation state attackers is always fun for a session or two, for many it’s not as practical as some of the other topics. This year’s conference included sessions on the cultural elements of cybersecurity and how to best educate and leverage employees as your first line of defense. Furthermore, as organizations we often think first of non-technical roles like sales and human resources as those exposing organizations to the most risk. But a risky human element rising in cybersecurity importance includes application developers, and there was a great deal of buzz at this year’s conference on that persona as well.
The Human Element: Talent The shortage of cybersecurity talent is an ever-present, cross-industry challenge. This year we heard from industry-leading security executives on creative strategies they’re implementing to augment their security talent pipelines. From looking for job candidates in non-traditional places to reimagining how security teams operate, there was no shortage of sessions on closing the talent gap. A refreshing look at ways diversity in identity and security can impact organizational success also took place this year.
The Human Element: On the Expo Floor Between the food and drink, the freebies and the booth gimmicks, the show floor at RSAC is a spectacle. Vendors (Ping Identity included!) seek ways to attract visitors to their booths using a combination of targeted messaging, presentations, product demonstrations and more. In our booth’s theater, we had the opportunity to host Ping presenters as well as our Technology Alliance Partners for informative presentations on a wide variety of topics (see full schedule below).
Baber Amin, Ping Identity, “Zero Trust: Security with You at the Center”
Amit Raikar & Dwahnit Shah, Zscaler, “Take Control of Your B2B App Attack Surface - Identity Security with Zero Trust Network Access (ZTNA)”
Jeff Tishgart, SailPoint, “Ping Identity + SailPoint: Secure and Personalized Access and Governance”
Joanne Wu, CyberArk, “Privileged Access: As Personal as it Gets”
Rob Brown, Jitsuin Inc, “Digital Twins Mean Business, Security Twins Make it Personal”
Shout out to our partners, BehavioSec, CyberArk, iovation, Jitsuin, Inc., MobileIron, Preempt Security, SailPoint and Zscaler for presenting at our booth. Visit our webpage to learn more about the Ping Global Partner Network.
Our theme this year was to Make Identity Security Personal, and what’s more personal than your voice? At the Ping booth, attendees were able to create custom SoundWave Art Prints with the ability to play them by scanning an embedded QR code.
Mid-week, we co-hosted a party with SailPoint and CyberArk at the happiest venue in San Francisco: Colorbloq. Friends and colleagues danced, ate and drank the night away in multi-colored shipping containers, played skee-ball and ping pong, and relaxed after a long day at the conference.
Wrapping it up, we’re counting RSAC 2020 as a success, and can’t wait to return next year. Until then, join us for a webinar to learn How to Architect API Security for Zero Trust with Ping Field CTOs Baber Amin and Francois Lascelles.