2023 RSA Conference insights: Generative AI and more
Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways.
Since returning from RSA Conference 2023, I've collected my thoughts from the massive sensory input that comes from this four-day, 625-vendor, 700-speaker cybersecurity conference. Attendance at this year's RSA Conference was reportedly 45,000 -- a massive increase over last year's 26,000.
Here are my perspectives from RSAC 2023, starting with the elephant in the room.
Generative AI and ML dominate
I predicted that generative AI and machine learning would dominate sessions, talk tracks and hallway discussions. And I wasn't wrong. There's no arguing that recent innovations in AI technology have had a massive impact on the tech industry.
AI, however, presents two challenges. First, like many other technologies, AI suffers from the "garbage in, garbage out" problem. Poor training data yields poor results. Second, a natural language chat interface might not be the optimal way of working through a problem. Just bolting a generative AI engine onto a cybersecurity tool might not improve the user experience.
Right now, vendors are scrambling to figure out how to add AI to any and every product to ride the wave of popularity -- often without regard to reducing risk or providing value to users. The good news is that few booths in the exhibit hall were shouting about AI. I don't know if that's because booth designs were locked in before the massive generative AI explosion, or because vendors have learned from their experience with zero trust.
Data is the new gold
Of course, data is the lifeblood of any company, and the last decade of digital transformation was all about how organizations can computerize their processes to leverage the massive amounts of data created during the normal course of business.
As we transition to the new AI era, we need an ever-larger corpus of data to feed the AI beast. The more data we have -- as long as it's not garbage data -- the more accurate the AI engines are. This enables businesses to automate decision-making, improving business outcomes and operational efficiency.
Zero-trust reality: It's not a product
Like AI -- and a change from the last few RSA conferences -- few booths were advertising zero trust. I think vendors have finally figured out that customers understand zero trust is a strategy not a product, and security tools can help an organization with its zero-trust strategy. But zero trust is just one factor when organizations look for tools.
Along those lines, a shameless plug for our @Summit sessions on zero trust: I had a great conversation with Bhagwat Swaroop, president of digital security solutions at Entrust Corp., where we discussed how to start and optimize your zero-trust journey. My colleague Mark Bowker chatted with Anudeep Parhar, COO of Entrust, and Chad Skipper, global security technologist at VMware, on integrating post-quantum cryptography, PKI and identity into zero-trust frameworks.
Broadcast Alley
Broadcast Alley was in the Moscone West lobby this year. This was a great location where keynote and session attendees could watch the BrightTALK and Enterprise Strategy Group @Summits sessions or the other media organizations hosting live and recorded interviews with CISOs and industry veterans.
Operational efficiency
Outside of the AI and zero trust bubbles, operational efficiency was the keyword of the week. Organizations still can't find the people with the skill sets they need to drive the tools and increase their security. And with current economic uncertainties, security teams are being told to do more with less. As a result, there's a focus for vendors and customers alike on improving operational efficiency. Another move toward how AI can help is by reducing operational workloads -- paring down the number of alerts, improving alert fidelity and bringing the right contextual information to the forefront.
Identity security needs a platform
As a concept and a terminology, identity security has been around for a while. RSAC 2023 represented the coming-out party for identity security, with numerous identity vendors embracing the term. The highlight was RSA CEO Rohit Ghai's keynote, where he crystallized the concept.
According to Ghai, during the internet era, the core purpose of the identity platform was compliance first, followed by security and convenience. As we transitioned to the mobile era, the core purpose shifted to convenience first, followed by security and compliance. And with the current shift to the AI era, security is the prime concern, followed by convenience and compliance. Today, identity management and access management are table stakes. Thus, in the AI era, we need an identity security platform.
I think Ghai is spot on. I've been saying for years that identity needs a place at the cybersecurity table. And with identity being an atomic component of zero-trust strategies, identity security will mature and be a foundational component of every cybersecurity stack in the next few years.
TechTarget's Enterprise Strategy Group was out in force for 2023 with our team of six cybersecurity analysts. And since RSA is such a force in the tech industry, we were joined by five other Enterprise Strategy Group analysts, as well as the BrightTALK team to produce and broadcast our @Summits sessions. We were booked nonstop with sessions and meetings from early morning to late at night. If you didn't get a chance to say hello, please reach out to us, and we'll get together for a post-RSAC chat.
