Infosecurity Europe 2023 — Forrester’s Thoughts
(written with Zaklina Ber)
Forrester analysts visited Infosecurity Europe 2023 this year and took over 45 meetings with vendors, service providers, and CISOs throughout the event. Walking into the venue, you get overwhelmed by a literal vendor sprawl, with over 500 vendors represented this year. Clearly, the message of security vendor consolidation hasn’t sunk in at the exhibition yet. While, overall, there was no dominant theme (for example, at RSAC, a metric used by our analysts was “mean time to mention of ChatGPT”), there were some key pockets of things we kept seeing time and again.
Here are some of our reflections on the key themes from the event:
- API security emerges as one of the dominant themes. API security was one of the noticeable themes this year. With APIs being a key attack vector, from our perspective, this is a great development as its importance is finally being recognized. Security leaders had multiple talks, with vendors showcasing their approach to API security. What stands out is that this market is still very much emerging. Customers are mostly concerned with discovery, which is only a small part of the picture. We also see some very significant differences between offerings and approaches from different vendors. Keep an eye out for further research on API security in the future.
- Certifications are a barrier to attracting talent. In a session about cybersecurity certifications, panelists Munawar Valji, CISO of Trainline; Dr. Emma Philpott, CEO at the IASME Consortium; and Helen Rabe, CISO at the BBC, discussed the problem of overfocusing on certifications as a sole measure of qualifications. While certifications help individuals step into the cybersecurity field, they come with high costs and don’t always reflect real abilities or hands-on experience. Once obtained, maintenance of certifications is often neglected, and they do not support organizational efforts in compliance with industry standards. Furthermore, certifications do not measure one’s motivation, passion for the field, or soft skills, which all enable high performance in security roles.
- The startup zone resembled a ghost town. Events like Infosecurity Europe are the place to showcase innovation and development in technology. Apart from the sponsored cyber innovation zone and the innovations showcased in the booths, the startup zone demonstrated the clearest sign of the tech market recession. A huge part of the show floor dedicated to startups was empty, with fewer than half a dozen tiny stands covering a large part of the show floor. The organizers should invite startups and sponsor the space, rather than charging an arm and a leg to small cash-strapped startups to attend, something which left a very visible scar on the event this year.
- Quantum security appears earlier than everyone expects. One trend that raised some eyebrows from people we spoke to was a small number of firms offering solutions for quantum encryption and key distribution. While Forrester recommends that firms begin their preparations for the security implications of quantum computing, as standards are still being developed and implementations piloted, it is still very early in the day for credible quantum security vendors to arise. We recommend that people treat these vendors with care and follow recognized standards from places such as the National Institute of Standards and Technology to keep a close eye on the implementation path.
- The importance of the cyber community and tackling burnout is highlighted. Many conversations we had focused on the importance of looking at the humans behind cybersecurity. The topic of burnout in cybersecurity has raised a lot of concern but has also opened up conversations on how to identify it and provide support in these situations. Diane Gilbert, Melissa Chambers, and Louis Holt emphasized in their session, “Stronger Together,” why collaboration in cyber will benefit us all and underlined the need for the industry to collaborate and share information more effectively.