Due to COVID-19, RSA and Gartner’s conferences were rescheduled and ended up being held at the same time. With two of the biggest cybersecurity conferences happening simultaneously, emerging trends and themes in the industry were widely discussed by the top cybersecurity professionals from across the world. Here are some of the most popular topics that came out of these renowned conferences.

A race to zero trust

Zero trust was everywhere you looked across the scores and scores of endpoint and detection response companies at Gartner and RSA. Not only were booths showcasing their zero trust capabilities, many presentations focused on how to build a solid zero trust architecture. This isn’t surprising because a recent survey of CISOs found that over 90% of organizations are on some kind of zero trust journey.

More reading on zero trust:

• Zero Trust Security: What It is and How to Achieve It
• How Passwordless and Unphishable MFA Underpins Zero Trust Initiatives
• How Beyond Identity Reinforces Your Zero Trust Strategy

Passwordless proliferation

"Passwordless" was a term splashed across booths and in presentations, revealing the general consensus that passwords will be ultimately relegated to the annals of history. But while the term may be a nice one, the devil remains in the details, since even a slate of "password manager" tools refer to themselves as passwordless.

Gartner highlighting passwordless as a core theme during their conference is on brand for them, as they announced back in January that passwordless authentication should be a priority in 2022.

More reading on passwordless authentication:

• Passwordless Authentication: What It Is and How It Works
• NIST and Passwordless Solutions: Meeting Compliance Needs
• Why Strong Passwordless Authentication is a Foundational Element of Your IAM and Security Portfolio

Identity becoming a full-fledged citizen in the security world

Identity and Access Management (IAM) vendors were finally front and center, rather than off to the side. While this is a welcome change, some identity vendors can stand up to the heat and provide products and solutions that can meet ever more stringent security and compliance requirements and provide true protection, while others wilt under closer scrutiny.

The leftward shift is on

The concept of “shifting left” was everywhere. The notion of shifting left in the development process is to integrate security into every stage of the lifecycle—from requirements, through design, build, test, and deployment. It can also be crucial in properly securing application source code and modern infrastructure as code that is powering the automatic configuration of cloud-based resources. Some, like VMware, referred to this as "API is the new perimeter," while others sought to introduce that identity was the critical first step.

More reading on securing the development process:

• Thwart Supply Chain Attacks by Securing Development
• 3 CI/CD Pipeline Security Best Practices

DevSecOps and SecDevOps

The desire to bring the developer and the SDLC cycle into the security world was evident, as Integrated Development Environment (IDE) and code-scanning tools were abundant. With software supply chain attacks on the rise and malicious code wreaking havoc, it’s no surprise that cybersecurity professionals are taking notice and looking to do a better job of locking down their DevOps environment and tooling.

More reading on securing the development process:

• Secure SDLC Best Practices
• Security Vulnerabilities in Git Solution Brief

Artificial Intelligence (AI)

AI and machine learning has already begun to crop up more and more in detection and response tools, with it appearing in endpoint and network detection all the way to email security tools. It was predicted that AI will play an even larger role in coordinating detection and response processes—both in the technical components but also organizing a business response and ensuring that computer and network resources will be allocated to the most important business processes.