Feet on the Street: RSA Conference 2018

In the last few years of RSA Conference, I’ve seen identity go from a niche player in the security industry rarely covered by the media to one of the hottest topics coming out of the conference. And it’s no wonder this is the case, with data breaches hitting headlines daily, of which 81 percent are attributed to the misuse of identity. As the perimeter becomes more and more permeable, and enterprises continue to expand their list of users to include contractors, business partners and even bots – and by extension, also increase their exposure points – it’s no wonder that identity is at the forefront of many cybersecurity professionals’ minds.

RSA Conference is a great place to not only connect with likeminded security professionals, analysts and journalists, but also a place for us to meet with our customers and partners and talk about the current and future identity landscape and how SailPoint fits in. This year was no exception, and here are some of the most buzzworthy topics we heard last week:

Artificial Intelligence and Machine Learning. This is not futuristic talk anymore. Artificial intelligence and machine learning are relevant, and enterprises are seeking cybersecurity solutions that will incorporate these technologies to help them achieve their goals. When it comes to identity governance, artificial intelligence can bring data analysis and machine learning to identity governance programs to solve some of the most common challenges that IT teams face. Whether it is detecting anomalous behaviors and potential threats or automating low-risk access controls and approvals to improve efficiency and productivity, artificial intelligence can improve on existing identity governance programs.

Finding and Securing Data Stored in Files. Once we covered the basics in identity governance with journalists and analysts, the questions naturally turned toward the next great challenge: data stored in files. We love having these conversations, because the next frontier in identity governance is exactly that. We’re paving the way by helping our customer extend their identity governance programs to include data stored in files, which makes up 80% of enterprise data and represents a huge threat when left undiscovered and unsecured. The need for this type of service will only continue to grow as more regulations are enacted and more data is taken outside of IT’s purview and into cloud file shares.

Visibility in the Enterprise. At the end of the day, what most cybersecurity professionals want and need is visibility into who has access to what to help them manage risk in the midst of their digital transformation. It seems like a simple question, but with the growing number of users, applications and data in the hybrid enterprise IT environment, it truly is a gargantuan problem. As digital transformation continues, identity becomes the system of record for enterprises to map users to applications and data, providing this much-needed visibility. It’s only through identity governance that enterprises can accurately answer the questions of who has access to what, who should have access to what, and what they’re doing with that access, ultimately providing a 360-degree view of the enterprise.

Upcoming Regulations like GDPR. With GDPR quickly approaching, many cybersecurity professionals at the conference were focused on how to comply with the regulations before they take effect. While we don’t yet know all of the implications of GDPR, what we do know is that data breaches aren’t slowing down and global enterprises must take steps to adhere to these strict regulations or face the consequences, including hefty fines and brand damage. One way to do this, as I mentioned above, is by finding and securing sensitive all data, included data stored in files like documents, spreadsheets and presentations. Being able to answer the questions of where sensitive data is stored and who has access to it will be a key component of GDPR compliance.

The Power of Partners In many of my discussions with both journalists and analysts, the importance of strong partnerships with other best-in-breed cybersecurity vendors was a hot topic. As the cybersecurity landscape continues to evolve and cyberthreats become more sophisticated, an innovative cybersecurity strategy that incorporates defense in depth becomes more and more necessary. Customers are looking for groundbreaking options like our open identity platform, which allows them to provide identity context to other cybersecurity and IT solutions like privileged access management, access management, service management, or SIEM. Beyond just simple connectors, customers need innovative solutions that truly work together to effectively defend against cyberthreats.

As always, we enjoyed meeting with our customers and partners at this year’s RSA Conference to talk about identity governance, as well as having conversations with cybersecurity professionals who are looking to begin their identity journey. While the buzzwords and booth giveaways might change from year to year, the need for innovative cybersecurity solutions to address the ever-changing threat landscape remains the same. We all have to stay on our toes to meet the current and future needs of the enterprise, and identity is one of the best ways to face this challenge.