RSAC 2026 is back, and the certificate automation gap is impossible to ignore
RSAC 2026 Conference marked a return to form, more vibrant and better attended than any show I can recall over the past decade. The audience was distinctly international, with strong representation from North America, Europe and Latin America, and it was refreshing to see the energy and overall vibe of the show return to what I remember from RSA at its peak.
As expected, hot topics centered on how AI is transforming cybersecurity, alongside growing interest in quantum computing and what the industry’s eventual shift to quantum resistant algorithms will mean in practice. These themes were omnipresent across keynotes, analyst discussions, and booth conversations.
For us as a certificate authority though, front and center was the ongoing decline in SSL/TLS certificate validity periods and the question of how organizations will realistically automate certificate management. Despite widespread awareness of what’s coming, a majority of companies are still relying on manual methods to track, deploy, and renew certificates. As we know that approach simply will not scale as the industry moves toward 47-day certificate lifetimes by 2029.
We were grateful for time with Aisling Dawson of ABI Research, who highlighted what she believes is a significant white space in the SME market for tools that can help organizations navigate the road to 47 days. Her depth of knowledge and insight into the certificate lifecycle management (CLM) space were both impressive and validating.
The always insightful Justin Lam of 451 Research focused on the technical debt facing large enterprises as they prepare for postquantum cryptography (PQC). He also tied PQC readiness to the growing importance of data sovereignty, noting that organizations increasingly want the ability to “pick up” their data wherever they operate, while maintaining full control over it.
I also had the honor of interviewing Rahul Powar, CEO of Red Sift, gaining valuable insight regarding strategies that companies can take to protect domains, prevent spoofing, reduce phishing, and deliver visible trust signals that improve brand recognition and confidence in the inbox. Knowing that phishing and email fraud continue to be popular with cyber attackers companies must always be exploring new ways to overcome these threats.