Putting Privacy First: Takeaways from RSA Conference 2020
What happens when you put hundreds of security professionals in a room? They come together to identify and discuss the emerging cybersecurity trends, challenges, and opportunities. At this year’s RSA Conference, the theme was “Human Element,” reminding us that every technology-related decision, innovation, and risk has direct impacts on individuals and communities.
Naturally, privacy was at the centre of many conversations at the conference, and was a core topic in a majority of the sessions. It’s clear that privacy has become a C-level concern, with CEOs, CIOs, and CISOs re-evaluating—and reaffirming—the role it plays in their broader security strategy and their offerings.
The conference also highlighted several other trends that showcase just how much companies are embedding security and privacy across various processes and infrastructure, a trend that will continue to evolve over the next ten years. For those who weren’t able to make it—or simply need a refresher on the latest trends—here’s what we learned.
Companies know that privacy is non-negotiable
When it comes to privacy, companies are being held accountable more than ever before by far-reaching regulations like the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Children’s Online Privacy Protection Rule (COPPA). Customers have also become increasingly aware of these regulations and how their data should be handled—making compliance an important driver of customer trust.
This puts companies in a bind. With all the user data available to them, businesses want to differentiate themselves by offering greater customisation, personalisation, and choice. But it’s easy to end up in a legal grey area where a practice that benefits the business actually violates the customer’s privacy.
This conversation is taking place across most companies—a fact that was evident at this year’s RSA Conference, where over 700 speakers and more than 650 exhibitors shared their experiences with privacy and security. Keynote speakers included representatives from Go Consulting International, Trustwave, Luta Security, and Veracode.
The conference included more than 500 individual sessions, many of which were devoted to privacy protection. Behnam Dayanim, Partner and Global Chair of the Privacy & Cybersecurity Practice at Paul Hastings LLP, showed that while California was the lone jurisdiction in the USA with privacy legislation in 2002, there is now a “thicket” of different policies spanning from coast to coast.
Our own Associate General Counsel, Privacy & Product, Timothy McIntyre, participated in a panel discussion on the National Institute of Standards and Technology’s (NIST) privacy framework. During the discussion, he highlighted the steps that Okta took to adopt this flexible framework, advising companies on how to adopt the selection of best practices that make the most sense for their business.
Get ready to see more PrivacyOps
Privacy is rapidly becoming a company-wide consideration that presents new opportunities for innovative solutions. This is where PrivacyOps comes in. While privacy has primarily been handled by a siloed team, businesses are now investing in technology-driven solutions to streamline and fully automate the compliance process, focusing on multidisciplinary and cross-functional approaches.
It’s a concept that’s gaining traction: it was a PrivacyOps company, SECURITI.ai, that claimed the top prize in the annual RSA Conference Innovation Sandbox Contest. Its PRIVACI.ai solution leverages proprietary AI and robotic automation to help companies comply with global privacy regulations and grant customers control over their own data.
Evolving beyond traditional DevOps
DevSecOps is an emerging field that everyone was tracking closely at the RSA Conference 2020. Just as DevOps was established to break down barriers and extend key business workflows across the product design process, it’s now important that robust identity and security measures are built in at every stage of the product lifecycle.
The problem is that with the current pace of innovation, developers don’t have the time or resources to add more processes, let alone increased collaboration with other departments. Having tools and architectures in place that help prioritise and automate security integration can be a huge benefit, but they’re not the be-all and end-all. Moving forward, it will be essential for developers and engineers to bring a secure-by-default mindset to everything they do.
Embedding security in the internet of things
As we continue to use IoT systems and devices, a massive amount of data is being collected, processed, and analysed on individual devices (at the edge) instead of on a more centralised server. This leads to growing security concerns, especially as enterprises are increasingly deploying IoT technology within their industrial control systems (ICS).
Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), spoke about this, detailing the rapid growth of ransomware attacks targeting ICSs, which turn critical infrastructure into massive vulnerabilities. As such, security solutions for IoT systems are going mainstream across the globe, and we expect to see ongoing evolution in this space as we progress through 2020.
Join us at Oktane20 Live
Even as the cybersecurity space continues to transform, the need to double down on privacy protection and compliance should be both a short- and long-term priority. Now that the RSA Conference has concluded for 2020, I look forward to continuing the conversation around cybersecurity and innovation at Oktane20 as we focus on how identity and access management can further achieve these objectives.
For the first time, Oktane20 will be a virtual conference and is free of charge for all attendees. Register today.