May 20 2021

RSA 2021: 4 Key Takeaways From Security's Biggest Event

From zero trust to business resilience and the talent gap, cybersecurity professionals have much to work on this year.

RSA 2021 has come to an end, but IT security professionals will spend the rest of the year striving to build on what they learned at the event to protect their networks with better defense systems and smarter security policies.

Here some of the key themes that emerged from one of the biggest cybersecurity events of the year:

Consumer Expectations Are Changing

Businesses scrambled to accelerate their digital transformation initiatives in 2020. They had to: Remote work and business closures forced organizations to lean on technology to maintain operations.

As more Americans get vaccinated and businesses reopen, however, returning to pre-pandemic operations is out of the question. Customers and employees have become accustomed to the flexibility of online shopping and banking, digital communication and remote working.

Yet organizations will find that simply maintaining the same online operations they built this year, under the tightest deadlines and often with makeshift technology, will not do. Businesses will have to up their games on digital customer and worker experiences, said Laura Koetzle, a vice president and group director with the IT research firm Forrester.

“Among consumers, there was a certain amount of, ‘OK, it’s a pandemic, I get it,’ but they are going to quickly become less tolerant of that,” she said. “You’re going to have ensure that those experiences actually scale, work properly and deliver the same emotional resonance that those in-person experiences did.”

MORE FROM BIZTECH: What is DevSecOps, and how can it work for you?

Authenticated Identity Is the New Cybersecurity Perimeter

The time for putting off the transition to a zero-trust security framework is over. Those businesses that were relying exclusively on virtual private networks to enable remote work at the beginning of the pandemic discovered quickly the inadequacy of that approach when they sent their entire workforces home. In response, many have rapidly moved more workloads onto cloud platforms, but cloud comes with its own security demands.

Only a zero-trust framework with authenticated identity as the security linchpin is sufficient for an increasingly mobile world, said Microsoft CISO Bret Arsenault. “It’s got to be about a healthy device, strong identity and consistent telemetry, and I asked every one of my vendors to show me how they make that happen. So, that’s resulted in this ‘zero trust or bust, no exceptions’ model that we have across the entire company and that we hold everyone accountable to.”

Arsenault, who has been guiding Microsoft and its 163,000 employees toward zero-trust security for more than four years, said every organization should be striving to do the same. “When I look at numbers like fewer than 20 percent of organizations have 100 percent multifactor authentication — you’ve got to get that done.”

To Become Resilient, Businesses Must Embrace Chaos

The word resilience has been used a lot this year, typically to describe organizations that have survived, or even thrived, during one of the most challenging times in the history of modern business. The organizers of RSA 2021 even made the concept the theme of the event.

But what is business resilience? RSA CEO Rohit Ghai said that truly resilient businesses are those that “fall less often, withstand the fall better and rise up stronger every time.” As threat actors are striving to create organizational chaos, Ghai said that leaning into chaos, rather than trying to avoid it, is the key to resilience.

“How do you secure chaos?” he said.  “You can’t. You don’t. You focus on resilience by embracing chaos. How? First, expect the unexpected. Trust no one and compartmentalize failures.”

Companies fail to do this, said Gabriel Whalen, manager of CDW’s information security solutions practice. They deploy cybersecurity solutions but don’t always plan for the near inevitability of a breach.

“It’s not a matter of if but when an organization is going to be impacted by a criminal cyber actor,” Whalen said. “Regardless of the size of the organization, it’s a matter of being underprepared.”

WATCH: Learn how to get ahead with automation and security in the new normal.

The security talent shortage is now a crisis

According to the (ISC)2 Cybersecurity Workforce Study, 2020 by research firm (ISC)2, the industry is about 3.1 million cybersecurity workers short of what businesses need; 64 percent of cybersecurity professionals say their organizations are impacted by the shortage.

“Our data suggests that the global cybersecurity workforce needs to grow 89% to effectively defend organizations’ critical assets,” the report notes.

Cisco Systems CEO Chuck Robbins said that providing existing workers with cybersecurity skills and looking in unconventional places for talent are the paths forward. He noted that only 24 percent of cybersecurity professionals are women, even though most new workers today are female.

“We have more unfilled opportunities than we have trained professionals in the world,” he said. “We have to train people, we have to reskill people, we have to continue to develop the existing talent. We have to make it easier for people to get into cybersecurity and we have to look at untapped sources of talent.”

Keep this page bookmarked for articles and videos from the event, and follow us on Twitter @BizTechMagazine and the official conference Twitter feed, @RSAConference.

Getty Images/Gordenkoff

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT