Trends and observations from RSA Conference San Francisco 2019

As one of the world’s largest and highly-regarded cybersecurity conferences, the RSA Conference has steadily grown from its original form as a phone conference in 1991. Known as the RSA Data Security Conference, its first in-person event drew more than 200 attendees. Today, simply known as the RSA Conference, its events have spread over the globe in addition to their yearly San Francisco conference.

The 2019 RSA Conference in San Francisco took place March 4 through March 8 at the Moscone Center. And as in past years, RSA attracts bigger crowds of cybersecurity professionals each year. This year the event was bigger and better than ever before, and here are the numbers to prove it:

• 42,500 attendees, 740 speakers and 700 exhibitors
• Almost 10,000 more visitors attended RSA compared to 2017
• 135 new companies were on the show floor
• Nearly 500 presentations and 700 speakers

Utimaco’s observations from the 2019 RSA Conference

Utimaco was there. And during our visit to the 2019 RSA Conference, we made some observations. The conference is changing in response to the cyber-security industry itself going through some major changes.

Here are some of the show floor observations and trends that we would like to share:

• The total cyber security market is growing with an expected growth of $1 trillion between 2017-2021
• Industry experts expect that total breach cost size will grow by $6 trillion by 2021
• CISOs and Market analysts expect to see major consolidations and some newcomers
• Network – Securing the network is the action point that most CISOs have crossed off their list as ‘done.’ Securing endpoints is the next generation challenge taking its palace.
• SIEM/SOAR – CISOs are unhappy and drowning in data. Some of the market leading offerings are very expensive, automation is not good enough, and the emergence of new market entrants like Google Chronicle raises high expectations for the future.
• Identity & Key Management – It is a market that is still experiencing high growth, but different vendor offerings are fragmented between Identity, Privileged Access, Machine Identities, Key & Certificate Management.
• CISOs see phishing & identity attacks still as the biggest attack vector. Key management in the cloud is extremely sensitive for CISOs. As one CISO from the finance industry put it: “Key Management is my biggest headache.” (Read more on Key Management at Utimaco)
• Cloud – As a cross-vertical, the Cloud has an effect on all. Even though the Cloud Service Provider market is dominated by the few big players and multi-cloud is an old hat, it is still relevant in practice. CISOs still encounter many issues with ownership, liability share between user and cloud service provider, and policy enforcement problems.
• CISOs are now realizing they are getting locked in by Cloud Service providers. Some find that inevitable, and others are looking for smart solutions and architectures to remain vendor independent – staying in control of their cryptographic material. The solution to that is not in any one product, but in best practice architectures.
• The new kid on the CISO block is Post-Quantum Crypto – The bad news is, according to experts, only about 5 % of companies have understood to what extent this is relevant for their business.

How is Utimaco responding to new trends

Utimaco offers the only private HSM in the Cloud, CryptoServer Cloud, that allows you to set up this type of architecture. It is the only offering in the market that allows you to keep your keys separate – in your own private HSM and away from the Cloud Service Provider’s equipment on a global level. It provides organizations with a multi-cloud strategy and the flexibility to move high value assets into the Cloud, between Clouds and back out of the Cloud. 

Utimaco has recently become known as one of the enablers in the post-quantum cryptography (PQC) space – which is why a number of large IoT and PKI solution vendors such as LG Electronics, Microsoft Research and DigiCert have partnered with Utimaco (Read more on Utimaco's Research Network).

At RSA, we had the honor of hosting Avesta Hojjati, Head of R&D at DigiCert, to present their proof of concept implementation into a PKI. The DigiCert research project, which the presentation was based around, uses the quantum-safe algorithm “Picnic”, developed by the team lead by Microsoft Research, on a Utimaco HSM.

Looking to future

Utimaco plan to pre-announce the Applied PQC Expert Network in time for the November 2019 Applied Crypto Symposium in Silicon Valley. Stay tuned for updates on this exciting new technology.