Key Conversations from the 2019 RSA Conference
This year’s RSA conference was memorable for us. As we huddled up to discuss each other’s conversations, three major themes emerged that reflect why attendees came to RSA and our booth—to seek out technology solutions like GRC and integrated risk management (IRM) platforms to address their IT risk and compliance challenges.
Data privacy top of mind
Representatives from Microsoft, Google and Twitter spoke at RSA in a panel discussion about the potential for a federal data privacy regulation in the same vein as GDPR. Before and after the session, the exhibitor hall buzzed with conversations around data privacy.
Many conference attendees we spoke to have data privacy initiatives but were seeking solutions to make their programs stronger. We spoke with attendees about how GRC solutions help to mitigate the risk of data breaches, track possession of data, and, of course, managing GDPR compliance requirements. Some were surprised to learn that a GRC platform can support these internal processes, as well as support GDPR efforts involving third parties.
Bringing disparate data together
Another recurring conversation was how companies struggle to bring all compliance and risk management elements together for a more holistic view of risk. These include IT assets, internal controls, risk assessments/scan results and policies that must be tied together to prove compliance to internal auditors, external auditors, and regulators.
Naturally, we were happy to discuss how a GRC platform can act as a single-pane-of-glass for risk managers, compliance officers, and auditors. Storing and linking all risk elements in a central location provides greater visibility and context around risk and can enable more effective management and reporting.
InfoSec challenge: communications
During RSA, Lockpath’s VP of Industry Solutions, Sam Abadir, was interviewed by Terry Sweeney, Contributing Editor of Dark Reading Newscast. One sound bite is that different audiences need different bits of information to make smarter decisions.
For security and risk professionals, tailoring communications is a challenge. Often there is a breakdown in understanding how to format the information for audit and compliance. And what’s the secret to delivering reports and messages that resonate with diversified audiences like department heads, IT and the board? The answer lies in giving each audience what they need to make an informed decision and leveraging the universal language of metrics.
Whether conversations centered on data privacy, bringing disparate data together, focused on sharpening communications or another issue, we’d like to thank everyone who visited our booth at RSA. If we didn’t see you in San Francisco, we invite you to visit our site’s resources section for additional information on these topics so your conversations can take on a whole new meaning.
With Constitution Day tomorrow, September 17, let’s learn what the Constitution can teach your organization about corporate governance.
Learn how Lance completed his 50 mile race and how it relates to building a risk management program.
This month’s Risk Roundup is about data privacy, the biggest California earthquake in 20 years, and the business impact of the US-China trade war.