It’s Conference Season: Zero Trust Perspectives on RSA Conference and VeeamON
Guest blogger Jason Garbis is the Founder of Numberline Security, co-chair of the Zero Trust Working Group at the Cloud Security Alliance, and author of two books on Zero Trust. He joins us to share insights on information security and Zero Trust.
It’s been a very busy spring conference season, with a lot of activity in both the Information Security and Data Backup and Recovery arenas. I’ve been fortunate to be able to participate in both attending and presenting at the RSA Conference and the recent VeeamON event. While these are two very different types of events, yet there was some clear commonality between them. Specifically, there’s a great deal of interest in putting Zero Trust into practice and being able to show concrete and rapid results.
RSA 2024 in Review
RSA Conference is the industry’s largest information security event, and it was back at pre-pandemic attendance levels of over 41,000 people. The vendor expo floor was consistently packed with people throughout the day, even with a few vendors opting not to exhibit this year but instead to host their own parallel events.V
There also was a heavy emphasis on AI, as you would have expected this year. Many of the exhibiting vendors emphasized how they are using AI to improve security results for customers, mostly with a reasonable amount of credibility. A few vendors were touting their capabilities around securing AI – mostly for enterprises’ visibility and control of employee usage of cloud-based AI systems.
Zero Trust messaging and promotion was also clearly present among vendors, although perhaps in a more muted fashion than in previous years. I view this as a reflection of the increasing maturity of Zero Trust, and the broad acceptance of it as a mainstream and effective approach.
Between the vendor booths and the many Zero Trust-related conversations I had with other attendees, I’m definitely seeing an emphasis on getting value from Zero Trust as opposed to it being a buzzword. For example, at the conference, I led a Birds-of-a-Feather session on the CISA Zero Trust Maturity Model. There was a great deal of interest in this – the session was oversubscribed, with a queue of people waiting to get in. Also, my presentation on the Zero Trust Data Resilience was well-attended, with over 250 people in the audience.
VeeamON 2024: A Heightened Focus on Security
The VeeamON conference was also enlightening and energetic, with a great combination of Veeam, customer, and partner presentations. The theme of VeeamON was “Data protection, intelligence, and security are converging. Are you ready?” This was supported by customer presentations, technical sessions, and announcements of new capabilities from Veeam and partners, including Object First.
At VeeamON, I was part of the panel Zero Trust Data Resilience: From Theory to Practical Application, along with Ray Heffer (Veeam Field CISO), Zach Young, (a Veeam customer from Centerbase), and Anthony Cusimano from Object First. This turned into an excellent discussion of not just Zero Trust but information security and threat models in general.
A Zero Trust Data Resilient Future
The upshot is that because our enterprises are now fully digitized, everything we do utilizes our IT infrastructure – which means that it must be managed, monitored, backed up, and secured. Backup systems are, of course, a primary target for malicious actors, so we need to apply security measures at an architectural level, protect our data from an operational perspective, and apply threat intelligence and monitoring for proactive defense.
These are good indications of the desire for practical Zero Trust advice. People are definitely aware of the need for the modern approach that Zero Trust brings and are excited about extending it across their enterprise. Through these presentations and informal discussions, I received good, positive feedback on the idea of enterprises being empowered to extend or modify the CISA Zero Trust Maturity Model, as well as on the particulars of the Zero Trust Data Resilience (ZTDR) model which applies Zero Trust principles to data backup and recovery.
We’re very optimistic about how Zero Trust Data Resilience will help improve enterprise resilience against ransomware and look forward to collaborating with our enterprise customers on their Zero Trust journeys