First things first: these are essentially two distinct topics, although at RSAC all things are possible and, who knows, next year could have 40 percent of the show floor made up of GDPR microsegmentation startups differentiated by their greentech, AI, SDN and blockchain.
So here’s some advice on what to look for at RSAC 2018 for GDPR and microsegmentation.
GDPR at RSAC
In brief, GDPR is a European privacy regulation that will impact North American companies who hold data on Europeans. We’ve written some posts here and here on the topic. I’m expecting the track content for GDPR to be substantial since so much of Europe has been getting ready, and North America is in a rush to understand. This is exactly the reason to go to a security conference: Get practical information about something that can impact your job and company. So look for sessions that deal with the “how to” rather than the “what product we made to do it.” If you are looking for services help, check out the show floor for consultants with offices in Europe and North America.
Beware of GDPR-washing: Slapping a GDPR sticker on anything that moves in the hope of getting it attention. Other than DLP- and EDRM-type companies, be cautious about claims. GDPR is really more of a services play since it is about privacy compliance. Anything that directly deals with privacy and data security could be in scope. From other vendors, it’s ok that they have a GDPR report, but don’t let them stretch belief beyond that.
Microsegmentation at RSAC
I’m a segmentation nerd so I’m interested in sharing my thoughts on this market for what to look for at RSAC. In general, microsegmentation has 3 models that can be implemented:
The biggest issue in this fascinating market is multi-cloud. As more companies use more than one cloud source, the native models are under pressure to show how they can play nice and make your life less difficult: No one wants to run multiple brands of something. I don’t expect anything significant to come from these players, but it can be an indicator if they are talking multi-cloud partnerships such as when VMware and AWS announced CrossCloud.
The 3rd-party or firewall solutions are already well positioned for multi-cloud but seem addicted to appliances. I’m watching for any indications they are moving up to support containers or add an agented option, but with such a low percentage of their sales in virtual form I’m not expecting too much from the firewalls. Still, you should consider checking out what your current/incumbent firewall vendor is up to.
The overlay aspect of the microsegmentation market is always the most interesting as it is the most dynamic segment composed of mostly startups. Single-purpose agents used to be a showstopper, but with the evolution towards orchestration embedding security into a host server this is not that big a deal. I expect overlay microsegmentation solutions to be a big deal at RSAC.
For implementation lessons about microsegmentation, my advice is the opposite of that for GDPR. Overall, be cautious: it turns out that no two environments are the same for microsegmentation, and the data holdings and the reasons to segment them are very much bespoke. Lessons learned in terms of project planning, however, are very useful, but be cautious about product recommendations.
So have fun at RSAC. Look for any lessons learned for GDPR, and in microsegmentation look for coverage of server and CSP types. And wear comfortable shoes, and make time to catch up with colleagues.