
Top cloud security takeaways from RSA 2022

Key cloud security takeaways from RSA 2022 include the need to shore up cloud application security, consolidate tools and mitigate cybersecurity skills shortages, according to ESG.

It was great to be back at RSA Conference in San Francisco this month. For many, it was the first in-person conference since RSA 2020. Attendance was lower at 26,000 compared to 36,000 in 2020, with some vendors and attendees not able to make it due to COVID-19.

But the lower numbers and freed-up floor space in the expo hall brought less crammed hallways and seating areas. Having some empty floor space in the expo hall was a nice change from how packed it was in past years. Those of us who have regularly attended were happy to get together again in person.

Many have asked about my top takeaways from RSA this year. Here are the key themes I saw in my cloud security and application security coverage areas.

Transform: Adapting security for digital transformation

With its "transform" theme, this year's RSA conference reflected how organizations have faced the last two years of the pandemic and a largely remote workforce. Every company across any industry had to be a software company in order to survive. We saw brick-and-mortar companies going online. And for many companies, survival depended on digital transformation using cloud services.

Leveraging cloud services helps organizations gain the benefits of a cloud service provider taking care of hardware, physical infrastructure and maintenance. It makes it easier for developers to deliver software to customers. But increasing productivity and being able to serve more customers online makes security more important than ever.

This transformation generated a lot of discussion: cybersecurity leaders are challenged to enable digital transformation, but they also need to transform their own programs to protect the applications they are delivering via the cloud.

Research on cloud-native security maturity from Enterprise Strategy Group (ESG) showed the majority (88%) of organizations believe they need to evolve their security programs to secure their cloud-native applications. It also showed most organizations (88%) suffered from security incidents resulting in serious consequences, including loss of data, impacted service-level agreements, the introduction of malware and the need to pay fines for compliance violations.

Organizations are under pressure to find better options to help them manage security and risk as they move their applications to the cloud. Having worked for many years on the vendor side, I see this as an opportunity to create security products that help security teams become enablers for transformation rather than blockers. No one wants security to become a bottleneck.

Security products should help drive efficiency throughout the software development lifecycle, using automation or by correlating data to reduce the manual work required for development and security teams. Goals should include reducing the number of coding defects deployed to the cloud and rapidly responding to any issues when the application is in runtime.

Scaling security while facing a cybersecurity skills shortage

Speaking of driving efficiencies, a big challenge for cloud-native security is scaling security as development teams grow. ESG research on the life and times of cybersecurity professionals reported the most significant skills shortage in cloud computing security (39%), followed by security analysis and investigations (30%) and application security (30%).

The study also reported on the impact of the skills shortage, in which 62% of respondents said they are dealing with increasing workloads on existing staff. Meanwhile, 38% said new security jobs remain open for weeks or months, and 38% reported high burnout or attrition among security staff.

This creates demand for security products that can automate key processes or save staff time on tedious, manual processes. Look for products that will aid security teams in their roles. Ideally, teams will see fewer security issues, and automation or help in prioritizing needed actions will have a real impact in reducing risk.

Tool consolidation

Another key theme is the move to consolidate tools. My colleague Jon Oltsik, ESG senior principal analyst, presented new research from ESG and the Information Systems Security Association (ISSA) showing that organizations are moving toward product integration and multi-product security.

Top challenges include the burden of managing products or tools separately. It is difficult to get a complete picture of security status when using so many disparate security technologies. Organizations simply don't want to keep adding separate, siloed tools. They prefer a consolidated approach, ideally with a platform or integrations that tie together data to provide context to streamline needed actions. There is a big move away from any tool that will add more alerts, as organizations want to streamline their approach.

Great conversations

All in all, it was a wonderful conference bringing people back together for meaningful and productive conversations. It's always great to meet with security practitioners and leaders to learn about their biggest challenges and how they are addressing them.

It is exciting to cover this space to see how we are evolving security in ways that leverage cloud infrastructure and development practices. Instead of being overwhelmed with the complexity of securing assets in the cloud, we can take advantage of modern processes to better incorporate security.

ESG is a division of TechTarget.
