I am looking forward to visiting San Francisco to reconnect with 45,000 of my closest friends at RSA Conference 2024. As the analyst looking after identity and data security at TechTarget's Enterprise Strategy Group, here are some of the key topics I expect to see highlighted.
AI-washing, generative AI and LLMs
Like at last year's RSA Conference, I expect most vendors to "AI-wash" their products to win the buzzword bingo game.
For better or worse, marketers have to use the right buzzwords to bring in an audience. My question is around the substance of the product offerings and what generative AI does to improve security efficiency and efficacy.
Generative AI and large language models represent a sea change for security, and those LLM waves will push forward some new innovators and perhaps swamp other players. I expect to see some vendors bolt on generative AI to improve their existing offerings, and others to use it from the ground up to disrupt incumbents. I want to understand the substance of what vendors are doing with AI, the nature of their training data and the benefits to cybersecurity practitioners.
Nonhuman identity management
As I've mentioned before, nonhuman identity management -- also known as machine identity management -- is a hot topic. (Note: I want to put a stake in the ground and claim NHIM as my choice to add to the acronym jungle).
Nonhuman identities significantly outnumber human identities and are a growing part of the enterprise attack surface. They require different processes, technologies, workflows and policies than human identities. A wide variety of constituencies inside the enterprise care about this problem, from security teams to IT ops to DevOps. Both established identity and access management (IAM) players and startups are working to solve this problem.
Data security posture management
Enterprise Strategy Group's 2024 Technology Spending Intentions Survey showed DSPM as a top 10 data privacy and data protection priority for 2024. Many enterprises today don't know what their data is, where it is located or who has access to it; DSPM can help with this.
I want to understand the substance of what vendors are doing with AI, the nature of their training data and the benefits to cybersecurity practitioners.
Incumbent data security vendors and startups are striving to solve this problem with a variety of approaches, and RSAC 2024 will showcase their progress.
IAM platform functionality expansion
IT teams struggle to use the tools they've already purchased, and ongoing debates continue between a platform vs. specialized approaches. Will a point product with integrations into the IAM ecosystem best solve the problem, or will integrated platforms offer better value and address a broader swath of problems?
At RSA Conference 2024, I expect to see suite providers expanding their platforms in interesting ways to encompass more functions and provide more value. And I expect to see new options disrupting the existing IAM playing field.
Some of my jaded friends walk the aisles at RSAC, attend sessions and complain about not seeing anything new or innovative. Perhaps it is the optimist in me, but after cutting through some hype and asking some probing questions, I continually see innovation and improvement in solving substantive problems for security practitioners.
Todd Thiemann is a senior analyst covering IAM and data security for TechTarget's Enterprise Research Group. He has more than 20 years of experience in cybersecurity marketing and strategy.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.
