Seven Key Takeaways from RSA Conference 2022

June 16, 2022

By Thyaga Vasudevan - VP of Product Management, Skyhigh Security

Skyhigh Security had a significant presence at RSA Conference 2022, which wrapped last week in San Francisco. We showcased our new brand in the Skyhigh Security booth, announced new product innovations, conducted theater sessions, customer meetings, press and analyst meetings, and also held our highly anticipated Customer Advisory Board session. In addition, we took home three trophies from the coveted Global InfoSec Awards. I have to say, it was really fantastic to meet up with colleagues in person, hang out and have dinner and drinks together.

After going through this whirlwind of meetings and discussions, and frequently shuttling between the Intercontinental Hotel and Moscone Center, I finally got the time to put together a few thoughts and trends that emerged for me at RSA – in no particular order:

Cloud Security is no longer an afterthought – it is a front-and-center seat in board room discussions. In many customer meetings, it was clear that people already acknowledge the importance of protecting access and data on the cloud. We did less education for the customers for cloud security this year than before. Also, we were seeing the emergence of customers’ requirements to include the entire Security Service Edge (SSE) stack. They were either in the process of updating their requirements or were planning to do so in the near future to get an SSE RFP out.
Automation is key – Just like any other organization across the world, most security teams are struggling to find good talent in their organization. As such, they want to be able to automate as many workflows as possible. For example, incident remediation, notifications, and business workflows. Also, a guided advisor like the Cloud Security Advisor is something they would love in their environment.
While automation is important, they also acknowledge that security cannot be a hindrance for their employees. In fact, the Head of IT Security in a multi-national organization was very clear that employee behavior is very hard to change – so security enforcement had to be done in a way so that security teams could protect the data on the cloud while allowing their employees to take advantage of the power of the cloud.
To that point, performance of the security solution cannot bring down productivity – Especially true if they have deployed the solution inline. (Think SWG, Inline-Email DLP, or Reverse Proxy.) Any outage or performance downgrade on these systems makes their employees less productive, and the security team then looks bad in front of the management. As such resiliency, reliability and SLAs of the cloud security service become really key.
Unification is a much-desired outcome – Many customers at the Customer Advisor Board (CAB) highlighted the value of a unified DLP solution across endpoint, Web, Cloud and Skyhigh Private Access, and clearly communicated to us how big a value that is for them.
Given the point of less security talent, they want security vendors to reduce the complexity of the products and capabilities that we developed. Keep the experiences simple, consistent, well-documented, and easy to onboard.
Given they leverage other tools of choice, customers wanted security vendors like us to be interoperable with other business tools that they use: Security Information Event Management (SIEM), IT Service Management, Security Orchestration, Automation, and Response (SOAR), etc. It is important to think about tools holistically across SSE.