What 30+ RSAC Meetings Revealed About Where Security Control Is Consolidating
After 30+ RSAC 2026 meetings, the author reports that security architecture is consolidating around fewer control planes within established pillars such as identity, endpoint, network, cloud, application, data, and Security Operations (SecOps), with uneven product readiness.
Market and meeting scope
The author says the meeting set included conversations and events spanning major vendors and early specialists, and that the breadth helped distinguish recurring themes from vendor messaging. Participants referenced include Microsoft, Cisco, Google, Palo Alto Networks, Fortinet, Netskope, Cloudflare, Broadcom, and smaller firms such as AppGate, Cloudbrink, Helmet Security, Neon Cyber, and Zenarmor.
The author also states the market continues to map to an existing taxonomy, naming Identity as the trust plane, Endpoint as the local execution plane, Network Security as the distributed enforcement plane, Cloud Security as the workload and infrastructure context plane, Application Security as the assurance and remediation plane, Data Security as policy and governance, and SecOps as the operating layer.
Why enterprise assumptions are changing
The author describes a shift away from a long-standing user-to-cloud model, saying applications, data, and Artificial Intelligence (AI) execution are becoming distributed across endpoints, browsers, branches, private and public clouds, and Software-as-a-Service (SaaS). The author frames the resulting control-plane challenge as keeping trust, telemetry, policy, and enforcement coherent across distributed actors and environments.
AI’s role in action governance
The author reports that the meetings emphasized AI as accelerating action governance rather than creating a separate security universe. The author says the market is spending less time on securing a model in isolation and more time on who or what is acting, what it can access, how it is observed, and what policy governs behavior.
Examples cited include Microsoft describing shifts through agent identity, registry, and observability, along with the extension of Entra, Defender, Purview, Intune, and Sentinel controls into agentic environments, and Cisco describing AI Defense as a trust layer behind multiple enforcement points. The author adds that stronger vendors were portrayed as absorbing AI into broader control planes rather than treating it as isolated.
Data Security moves toward the center
The author says Data Security moved closer to the center of gravity during the week, supplying policy logic that other pillars enforce. The author describes Data Security as a System of Record (SOR) for sensitive-data policy, exposure, and misuse, with enforcement or informed action extending into Security Service Edge (SSE), Cloud Native Application Protection Platform (CNAPP), email security, and AI-related controls.
Vendor examples cited include Cyera framing AI security as a data problem, Netskope extending AI security from cloud security and Secure Access Service Edge (SASE) into guardrails, red teaming, and posture, Zscaler linking inline AI governance to its control path, and Skyhigh presenting a data-centric platform anchored in hybrid enforcement and unified policy. The author also links SASE and CNAPP more directly to Data Security by stating that distributed enforcement without coherent data policy does not scale well and that workload and context alone are insufficient when policy around sensitive data is disconnected.
Platform claims face testing across control points
The author says the platform question moved from whether vendors participate in adjacent markets to whether they share policy, telemetry, analytics, and workflows across multiple control points. Microsoft is cited for grounding platform claims in coordination across identity, data, endpoint, and SecOps, and Cisco, Broadcom, and HPE are described as pursuing tighter integration or reuse of enforcement across broader portfolios.
The author contrasts some vendors’ positioning, stating that Akamai favored “ecosystem” over “platform,” while Cloudflare emphasized composability and deployment simplification rather than owning adjacent control planes. The author also reiterates a narrower interpretation of SASE and CNAPP: SASE as a unifying effort within Network Security, and CNAPP as context and prioritization within Cloud Security.
Architecture progress outpacing adoption
The author reports a maturity gap observed through probing on General Availability (GA), product depth, and production readiness, with answers described as more cautious than show-floor narratives. The author cites F5 for saying the market is behind marketing and that many customers are still not ready, and states that other vendors described differences between more stable use cases and still-fluid agentic AI problems or control granularity.
Specific pacing statements attributed in the text include HPE describing deeper prompt and file-level controls as coming over the next several months, and Broadcom arguing that customer readiness and trust, not missing technology alone, remain the gating issues. The author’s described progression is discovery first, monitoring second, selective enforcement third, and broader operational trust later.
What the author says it means for stakeholders
The author concludes that centers of gravity inside the existing pillars are becoming easier to identify, including Identity broadening, Endpoint regaining weight as execution moves closer to devices, Network Security converging toward distributed enforcement with SASE as the most ambitious unifying model, and Cloud Security converging around CNAPP. The author also reiterates Data Security becoming more central as a policy layer and SecOps as the operating layer determining whether the pillars produce outcomes.
For vendors, the author says participation in multiple adjacencies is not enough and that the test centers on anchoring a control plane, coordinating across pillars, and reducing operational burden. For equity analysts and market watchers, the author says the filter sharpened between platform progress and conference theater. For service providers, silicon suppliers, and hardware ecosystem participants, the author points to distributed execution, hybrid placement, and enforcement locality as more relevant over time.
This Analyst Signals brief reflects a neutral, fact-based summary of the original research note.