Industry leaders, cybersecurity experts, and innovators in digital security will converge again at RSAC, the world’s largest cybersecurity conference, at the end of April. With over 600 exhibitors attending and more than 550 sessions planned, ABI Research has picked out 5 of the top digital security trends to watch out for at RSAC 2025.

1.  Digital Identity Permeates Security Solutions Across the Board

Digital identity is expected to be a major hot topic this year, with 332 sessions dedicated to this space. With increasingly multivariate enterprise environments on the rise and growing interdependencies between components within those systems, the broader application of digital identity beyond identifying persons is a growing area of interest within cybersecurity. This is driven, in large part, by the huge proliferation of Internet of Things (IoT) devices with machine identity management as it pertains to those IoT devices and secure communications between network machines, applications, and services expected to be top use cases. Emerging use cases will also likely include firmware and code signing applications, particularly given the movement toward software and hardware Bills of Materials (BOMs), as well as Over-the-Air (OTA) software and firmware updates in light of the transition toward algorithm agnosticism as part of the migration to quantum-resilient systems. The use of digital identity technology in Artificial Intelligence (AI)-enhanced fraud, content manipulation, and “deep fake” applications is a burgeoning area of interest for both Public Key Infrastructure (PKI) and AI vendors alike.

Key PKI vendors will be in attendance to discuss their activities and roadmaps within digital identity, including DigiCert, Keyfactor, ManageEngine, and Venafi, while top players in the Hardware Security Module (HSM) realm will showcase their solutions for anchoring and securing existing digital identity solutions, including Futurex, IBM, Utimaco, and Thales.

Related: 5 Latest Cybersecurity Trends in 2024

2.  Post-Quantum Preparation and Migration Remain Challenges for Vendors

The confirmation of four official algorithms for quantum-resistant key encapsulation and digital signatures by the National Institute of Standards and Technology (NIST) last year kick-started the commercial Post-Quantum Cryptography (PQC) market into gear, particularly within the last 9 months, with further candidate algorithms expected from both NIST and other Standards Development Organizations (SDOs) worldwide. Additionally, in the last year since RSAC 2024, state governments and national cybersecurity forces have announced post-quantum migration plans and integration deadlines, signaling growing momentum within the post-quantum space that will stimulate key discussions throughout RSAC 2025. Yet, despite increased clarity on the algorithmic standards, migration to quantum-resistant systems continues to present challenges for organizations, particularly due to difficulties around the cost, resource pressures, upgrade cycles, vertical-specific requirements, backward compatibility, and the readiness of legacy system and assets for post-quantum algorithms. Embedded or memory-constrained devices pose their own challenges in this regard, given the larger size of quantum cryptographic keys and increased computational power required to operate PQC.

Crypto-discovery and inventory solutions are expected to be a critical focus area for organizations beginning their post-quantum transition, as well as quantum readiness assessments. Attending quantum cryptography vendors, including PQShield, Quantinuum, and SEALSQ, will focus on answering enterprise questions around hybridized versus pure post-quantum cryptographic offerings and how best to prepare for the advent of quantum computing.

3.  Growing Demands for Crypto-Agility and Dynamism

With post-quantum guidance pertaining to recommended algorithms and cryptographic protections expected to be dynamic and perpetually changing, quantum-resistant systems must be capable of switching between algorithms quickly and with little disruption to the rest of the environment. Additionally, demands for certificate freshness and agility have prompted juggernauts like Apple and Google to propose a further shortening of Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificate lifecycles, down to 47 days by 2029.

For attendees looking to understand how best to institute crypto-agility into their systems and optimize their algorithm-switching capabilities, vendors like Entrust and AppViewX are both likely to highlight their solutions’ algorithmic-switching capabilities.

4. Geopolitical Tensions and the Persistent Threat to Operational Technology (OT) and Critical Infrastructure (CI)

Ongoing geopolitical tensions render OT and CI constant targets for malicious hackers, both state-sponsored and otherwise, mounting pressure on operators to secure both their systems and the interconnected supply chains that they depend on. Cyber-resilience will be a prime candidate for discussion at RSAC, spurred on by regulatory developments in this space, including the entry into force of the Cyber Resilience Act at the end of 2024, which places new responsibilities not only on those vendors within the European market space, but on all vendors operating economically within the European Union (EU).

The costs and complexity associated with upgrading and overhauling legacy systems and assets in OT and CI environments continue to complicate OT security journeys. OT operators looking to plug existing knowledge gaps and accelerate the maturity of their current OT security posture can look to organizations like Rockwell Automation, Dragos, Nozomi, and Broadcom, which will be in attendance to present the importance of multi-layered, security-by-design, as well as shifting the habitual reactivity of OT security toward an increasingly proactive approach.

5. AI Remains Both a Sword and a Shield in Cybersecurity

New attack vectors and opportunities for malicious and fraudulent misuse of AI seem to be popping up daily, the latest installment being Generative Artificial Intelligence’s (Gen AI) ability to produce uncannily accurate AI-generated receipts of purchase. Yet, concurrently, the use of AI and Machine Learning (ML) for automation purposes has great potential, particularly within cryptographic asset management and discovery solutions. Further, confidential computing shows burgeoning promise in securing AI and ML use cases following NVIDIA’s launch of Graphics Processing Unit (GPU)-based confidential compute. Thus, the role of AI as both a sword and a shield is unlikely to wane any time soon and is expected to crop up across the showroom floor at RSAC.

Conclusion

Digital identity and the post-quantum transition are expected to be common threads running through many of the topics covered at the conference. To stay ahead of all of the trends, changes, and technology shifts in cybersecurity and digital security, reach out to us today and learn how we can support you.

And if you're making the trip to RSAC 2025 in San Francisco, let's connect!