B2B Security

4 Key Takeaways from the RSA Conference for B2B Security

We live in an era where B2B is exposed to greater volumes of data than ever before. This is largely because B2B marketers make use of cloud computing, big data, the Internet of Things (IoT), mobile devices, and other technologies each day. 

As a result, cybersecurity needs to become a bigger priority for B2B marketers than it ever has been, in order to keep vital data safe, such as customers’ names, addresses, and contact and financial information.

The most recent 2020 RSA conference, which occurred February 24-28 in San Francisco, had an extensive focus on zero trust, endpoint security, and cloud computing, all of which directly impact B2B security as a whole. 

For those of you who don’t know, the RSA Conference gathers together professionals, vendors, analysts, experts, and practitioners in the cybersecurity industry and creates an excellent opportunity to discuss and find out what’s happening with regard to cybersecurity and the digital world in general.

We’ve discussed how you can protect your network from security threats and how to protect your websites against ransomware before, so you should find the following information to be very relevant if you are running a B2B business yourself. 

Here are the top security takeaways from the February 2020 RSA Conference:

1. Endpoint Security is Gaining More Attention

Endpoint security is simply any form of security system where security software is kept on a centrally managed server in a network, and client software is installed on the devices (or ‘endpoints’) attached to that network.

All logins from the endpoints need to be authenticated by the central server in the network. This way each endpoint is secured; otherwise, each one would represent a major vulnerability and an opportunity for hackers.

One of the big takeaways from the RSA was that endpoint security was one of the primary focuses of virtually everybody at the conference, and the endpoint security market as a whole is expected to grow substantially to $18.4 billion by 2024. Indeed, there were no fewer than a hundred and twenty vendors at the RSAC alone who were selling products and/or services concerning endpoint security.

In the B2B world, endpoint security will need to become an even bigger focus now than it was before, and not making it a core component of your overall B2B security strategy can be a serious mistake.

2. Non-Security Vendors are Now Relying on Cloud Security

There were perhaps six hundred cybersecurity vendors present at the RSAC in February, and each and every one of them was focused on cloud security. Even non-security vendors who use cloud hosting space – including big names such as Google, Microsoft, and most major internet service providers like AT&T and Verizon – are beginning to offer cloud security solutions. 

Indeed, one of the most effective ways of keeping your data safe is to keep it stored in the cloud. Security breaches of data stored in the cloud are incredibly rare, despite their coverage in the media, and the overwhelming majority of data breaches that happen are not cloud related.

While traditional security companies often claim that they can successfully secure themselves against the most dangerous kinds of cyberattacks, it’s also been shown repeatedly that this is not always the case. Cloud security will be the future. 

This is important because B2B communities have increasingly relied on cloud software for exchanging or storing data and cutting down on business costs, and businesses as a whole are turning to cloud computing such as Software-as-a-Service (SaaS) for their primary infrastructure. SaaS is projected to be serving at least 80% of the software needs for nearly 90% of companies within two years. 

Going forward, your enterprise should be making sure that all data and intellectual property from your business-to-business marketing and transactions are stored in the cloud. 

3. Zero Trust is No Longer Just a Buzzword 

The ‘zero trust’ security model is essentially the belief that all enterprises and businesses should have a policy of automatically not trusting anything outside of their perimeters. Anything that wants to connect to their systems needs to be verified before access can be granted.

This includes everything from physical hardware to software to IP addresses to devices and so on. In other words, all other organizations are literally considered untrustworthy.

In previous years, ‘zero trust’ may have been nothing more than a buzzword, but now it’s something that many mainstream companies and businesses are seeking to implement using IAM, or Identity and Access Management systems, which are designed to provide organizations with tools that can control the access of users to any digital information at that organization. 

At the RSA, most of the keynote speakers covered ‘zero trust’. It’s clear that the days when we could rely on private data centers to provide security are long gone, largely because of the move over to cloud providers.

Considering the fact that 61% of sized enterprises have been the victim of a cyberattack, it’s not difficult to see how and why a ‘zero trust’ policy would be wise. So many data breaches have occurred because of companies simply not following ‘zero trust’ protocols, even if they did otherwise use quality security systems. 

4. Secure Remote Access Could No Longer Require Passwords 

It’s hard to think about verifying your identity for an online website and not have to type in a password (otherwise referred to as passwordless authentication). Nonetheless, the RSA Conference has shown that this could be the direction we are headed in… and that it could actually make things more secure as a result.

How so? 

Many vendors were indeed offering passwordless authentication at RSA (Centrify, MobileIron, and HID Global among them) while also adhering to the FIDO2 Standard. While this is somewhat newer to US and Australian security teams, it’s not particularly new; the EU and UK mandated FIDO2 standards in most accounting, payment, and financial software as far back as 2016. 

The FIDO2 Standard is the most recent set of specifications from the industry standards organization FIDO Alliance. Instead of a password, verification of identity is done through other secure methods such as a hardware token, registered device, or biometrics.

Passwordless authentication can be a more secure method because user-controlled passwords are one of the biggest attack vectors for hackers (since so many users either use weak passwords or reuse existing ones).

While virtual private networks (VPN) have long been considered to be the best option for secure remote access, many challenges of secure remote access that VPNs have failed to address could be answered by passwordless authentication. 

This is critically important for B2B security, especially as B2B as a whole has drifted to a predominantly digital work environment composed of devices that are controlled by multiple individuals rather than by a single company (and will continue to do so as more SMEs in the US and EU brace for the effects of the COVID-19 pandemic).

Conclusion

In today’s business-to-business environment, it is more important than ever to maintain the integrity and confidentiality of your organization and customer data. As the main takeaways from the 2020 RSA Conference make clear, this is no longer an issue that is relegated to the IT Department, and now represents a core issue that will require an organization-level approach to staying secure.

About the author:

Sam Bocetta

Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.