RSA 2022 Recap: Our Main Takeaways
We hope everyone has recovered from RSA by now. If you are like us, you had to catch up on sleep as much as these sea lions in San Francisco Bay.
We had a great time meeting vendors, partners, and networking overall, and thank everyone who spent time with us. This year’s event was centered around the theme of “Transform,” which is really on-point for the world we live in.
As we always say at Echelon, cyber threats are always evolving, so we should too. As companies transform to meet these ever-changing threats, there’s significant work yet to be done around Zero Trust, Identity and Access Management (IAM), and managing risk as your organization embarks on digital transformation.
Here are my key takeaways from the event:
There’s no “one solution” for Zero Trust
We really enjoyed our sessions and vendor conversations surrounding Zero Trust. Hearing from and meeting with experts such as Jason Garbis and Jerry Chapman, who literally wrote the book on this subject, was a real pleasure. The content and conversations further drove home the realization that there is no product or solution that is going to solve the Zero Trust problem for your organization.
Not unlike any other cybersecurity framework, architecting a Zero Trust strategy is a journey that involves multiple components. One of the things that excites us about RSA is being able to interact with solution providers who continue to innovate.
While the marketplace hasn’t fully answered some of the Zero Trust challenges in a comprehensive manner, there have been notable improvements in the maturity of many technologies, as well as some novel approaches that have been developed. In particular, solutions that protect against web-borne threats are moving in the right direction, including new remote access technologies, improvements in web security gateways (particularly regarding browser isolation), air-gapping technologies, and microsegmentation systems.
Over the last year, we have been hard at work building out Zero Trust reference architectures, and we are happy to be a resource to help clear the fog surrounding Zero Trust.
Identity and Access Management is more critical than ever
Identity and Access Management (IAM), including Privileged Access Management (PAM), is critical to an organization’s security strategy and is one of the pillars of a Zero Trust architecture. There were over 36 sessions just related to IAM at RSA.
A strong identity management program significantly reduces the weaknesses in authentication and access mechanisms that are common to many organizations. Some of the security controls that modern IAM allows for are MFA, breached password detection, blocking of impossible travel events, and continuous authentication policies (just to name a few).
You must have a solid understanding of your organization’s various identity sources to develop a unified plan to manage and secure your identity attack surface with respect to identity lifecycles and change management. You should begin with a discovery and documentation phase. Once you have identified elements such as your identity sources, key systems, and authentication protocols, you can find opportunities for improvement.
Digital transformations bring TPRM to the forefront
As digital transformations accelerate and the move to the cloud continues, managing the risk of vendors and third parties continues to increase in importance. Stakeholders, clients, and regulatory bodies are increasing their demands for transparency.
The process of both completing and responding to questionnaires, followed by compiling holistic assessments on a continual basis, can quickly create a large burden on organizations. Luckily, there are great solutions that can centralize review processes and components, allowing you to reuse work and ‘crowdsource’ risk assessment data.
We particularly enjoyed our meetings with our partners Whistic and Drata in this regard, who help solve these challenges.
The greatest value of a conference like RSA is meeting others who share similar challenges, and coming together as a community to support each other and propose real solutions. At Echelon we believe that security and privacy are basic human rights, and being among attendees who share this common goal reaffirms our mission.
Cybersecurity remains a major resource problem in terms of time, talent, and capital requirements. To address these constraints, new solutions that allow for automation and orchestration are necessary. We were excited to interact with solution providers that were built to address these needs, particularly surrounding SASE, vulnerability management, air-gapping technologies, and Extended Detection and Response (XDR) tools, some of which were industry-specific and solved unique challenges.
Overall, we left the event excited about a future where companies are more prepared to transform to meet new challenges.