by Steve Hoffenberg | 6/13/2021

Back in 2020, RSA was the last conference I attended—and the last tech industry event to occur—before the COVID-19 pandemic shut down nearly all large public gatherings. Now that many events have resumed, RSA 2022 in San Francisco is the first conference that I’ve attended in more than two years. (And not having left the Eastern US time zone in the interim, I apparently forgot that jet lag was a thing.) This year’s RSA included more than 26,000 attendees, compared to 36,000 in 2020, and 42,000 in 2019. Although the aisles were notably less crowded than pre-pandemic, even with less exhibit space occupied, there was still plenty of activity.

Back for in-person attendance at RSA

Historically, the RSA Conference primarily has been the domain of cybersecurity for enterprise computing. Although in recent years, IoT security has had a growing presence—I recall, for example, the introduction of industrial OT security firm Claroty as a startup in 2017—this year’s show included more dedicated IoT content, including an IoT Sandbox, an Aerospace Sandbox, and more speakers from outside traditional IT security.

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) brought a tabletop simulation of an electric utility system to the IoT Sandbox to demonstrate security vulnerabilities

Stephen Scarbrough, Chief Technologist at security services firm IntelliGenesis, elaborates on cybersecurity risks to airports and the entire aerospace ecosystem.

Along with the big three OT security vendors, Claroty, Dragos, and Nozomi, major tech leaders including IBM, Intel, and Microsoft all had IoT-related stories to tell, e.g. Microsoft’s integration of CyberX (acquired just months after RSA 2020) into its Azure Defender for IoT. Hardware Security Module (HSM) vendors Entrust and Utimaco expanded their portfolios and roadmaps to include broader IoT security and device identity services.

And a slew of startups and small businesses came with IoT offerings, including:

• • Fend (optical data diodes for critical infrastructure networks)
• • Fortress Information Security (supply chain cyber risk management for critical infrastructure)
• • Grimm (IoT penetration testing and consulting services)
• • ORDR (network IoT asset discovery)
• • SynSaber (industrial asset and network monitoring)
• • Viakoo (IoT device discovery and management)
• • Zuul (IoT device protection and orchestration).

In addition, many other traditional IT security vendors have recognized that IoT devices are connected to an increasing portion of enterprise networks, and thus in need of increased discovery and protection. From the standpoint of enterprise IT security, however, the objective is often securing the IT network from risks introduced by IoT devices, rather than securing the IoT devices for their own sake. Nevertheless, such vendors and their customers must now incorporate IoT into their planning and development. We look forward to a time (perhaps at RSA 2023 or 2024) when IoT security is a standard component of all enterprise IT security solutions.

For further information, including market forecasts, analysis, and survey findings, see VDC Research’s series of reports on IoT Security, and on Industrial Automation.