The excitement and bustle of the RSA Conference is less than a week away! This year’s security theme relates to the “Human Element,” or how the ideas, creativity and knowledge of security professionals all play a part “in protecting the digital world.” Here at ZeroNorth, we’re excited for this year’s conference, as augmenting the capabilities and limitations of human cybersecurity professionals is a major part of our mission. To prepare for this year’s conference, we asked ZeroNorth team members, What are the biggest trends and predictions you expect to see play out at RSA 2020?
Nobody Puts Security in the Corner
Expect to see continued discussion around everything that now falls under the general category of “security.” While it’s great we’re no longer silo-ed under IT, answering the question, “am I secure” is more complicated than ever. If you’re attending the RSA conference, you already recognize the need to reduce risk across the software development lifecycle (SDLC), for both infrastructure and software vulnerabilities. But you also likely know, speed matters and sometimes security tradeoffs are necessary to get products to market in a timely fashion.
“A hot topic at RSA will be DevSecOps and how we continue to build the bridge between security and development,” says Corey Ellis, ZeroNorth regional vice president of sales. “Yes, security is the responsibility of everyone, but developers need to be held accountable for the code they put out, and security is responsible for strengthening the relationship between the two groups.”
Solution Architect at ZeroNorth, Patrick Hayes agrees. “DevOps has created a paradigm shift requiring the security group to evolve their approach to securing the applications and infrastructure that drive business. I think there will be a lot of focus on what security can adopt, whether it be processes or technologies, to continue to build that relationship with development.”
Scalability and the Next Big Thing
Contrary to popular belief, the current state of cybersecurity has nothing to do with awareness or the lack of technology and training. We know how important application security and testing tools are, which is why many enterprises have already implemented somewhere between 12 and 15 on their own. But using these tools effectively isn’t always simple and often requires separate teams and resources for overall management. This issue of complexity is happening right now, never mind the future.
The scalability issue of our already-stretched human beings becomes an even bigger problem when we start looking at next-generation infrastructures. Companies are moving workloads to the cloud, adopting new technologies like Kubernetes and microservices and expanding third-party networks, all of which means a potentially greater attack surface for cybercriminals.
“I expect we’ll see more focus on API Security due to Facebook’s Cambridge Analytica fiasco,” says Taylor Pierce, regional vice president at ZeroNorth. “Most organizations haven’t even considered the attack vector that APIs present and are playing catch up. The same goes for supply chain security and making sure third-party vendors are meeting security best practices. This process of data collection creates a major bottleneck for vendors, as well as the teams responsible for assessing risk.”
Patrick Hayes adds, “Cloud adoption and infrastructure-as-code technologies have been around for years but have recently gained popularity in verticals that had been cloud-adverse. I expect to see innovation around this problem this year.”
As cybersecurity professionals struggle to secure these assets, let alone keep track of them, the sharing of best practices will be key to combating the next generation of threats.
“Prioritization is a hot topic,” notes Thaddeus Walsh, ZeroNorth solution architect. “We’ve seen threat intelligence solutions in the past, but we haven’t seen vulnerability and operational security tools focus on getting their customers to what matters.”
Director of Field Engineering at ZeroNorth, Ethan Goldstein adds, “From a security perspective, I expect to learn more about how companies are managing their transition to microservices, particularly in the way security must catch up to development. This includes aligning to the rapid change that comes from abandoning traditional application development.”
What Will You Learn… and Win?
In a time when speed is everything, and while the security stakes have never been higher, IT and security leaders recognize the need for a new approach. This is where ZeroNorth excels. Our platform is built to bridge the gap between developers, IT operations and security operations teams. Visit the ZeroNorth booth (#5360 in Expo Hall North) to get a demo of our risk-based vulnerability orchestration platform and earn yourself a chance to win Bose noise cancelling QuietComfort 35 II wireless Bluetooth headphones. If you’d like to schedule a time to meet at the show, we’ve got an easy meeting request form available. See you there!