RSAC 2026: The Critical Certificate Automation Gap
▼ Summary
– The RSAC 2026 conference was highly attended and vibrant, with a notably international audience from regions including North America, Europe, and Latin America.
– Dominant themes included AI’s impact on cybersecurity and the practical implications of the industry’s shift toward quantum-resistant algorithms.
– A major concern for certificate authorities is the move to shorter SSL/TLS certificate lifespans and the widespread lack of automation for managing them.
– Analysts identified key market needs, including tools for small businesses to manage certificates and solutions for large enterprises to handle post-quantum cryptography and data sovereignty.
– An interview highlighted strategies for companies to combat phishing and email fraud by protecting domains and building trust signals for email security.
The recent RSA Conference 2026 demonstrated a powerful resurgence, with attendance and energy levels surpassing any event in the last ten years. The atmosphere was notably international, drawing significant participation from professionals across North America, Europe, and Latin America, recapturing the dynamic spirit the conference was once known for.
Discussions predictably focused on the transformative role of artificial intelligence in cybersecurity, alongside burgeoning interest in quantum computing and the practical implications of adopting quantum resistant algorithms. These subjects dominated keynote speeches, analyst panels, and countless booth discussions throughout the event.
From the perspective of a certificate authority, the most pressing issue remains the steady reduction of SSL/TLS certificate validity periods. The central challenge is how enterprises will achieve the necessary automation of certificate management. While awareness of the impending shift is high, most organizations continue to depend on manual processes for tracking, deploying, and renewing digital certificates. This outdated methodology is unsustainable as the industry accelerates toward the mandated 47-day certificate lifetimes set for 2029.
A conversation with Aisling Dawson of ABI Research proved particularly valuable. She identified a major opportunity in the SME market for solutions that can guide smaller businesses through the transition to shorter certificate lifespans. Her expertise in certificate lifecycle management (CLM) provided both impressive analysis and validation of current market needs.
Justin Lam from 451 Research offered sharp commentary on the technical debt confronting large enterprises as they prepare for postquantum cryptography (PQC). He effectively connected PQC readiness to the rising demand for data sovereignty, observing that companies now seek greater ability to control and relocate their data across global operations without compromising security.
An interview with Red Sift CEO Rahul Powar yielded strategic insights on protecting corporate domains and combating email-based threats. He detailed approaches to prevent spoofing, reduce phishing success, and deploy visible trust signals that enhance brand recognition and inbox confidence for customers. With phishing and email fraud remaining favored tools for cyber attackers, continuous innovation in these defensive strategies is non-negotiable for modern businesses.
(Source: Help Net Security)