5 Key Takeaways from the 2025 RSA Conference

We’re back from the RSA Conference in San Francisco, and if there’s one takeaway that stood out from the hundreds of conversations with security leaders across different industries, it’s this: privacy and security are no longer parallel tracks—they’re part of the same journey.

This year’s theme, “Many Voices. One Community,” couldn’t have been more fitting. Across roles, industries, and technical specialties, one message came through loud and clear: the business benefits when privacy and security work together. Forward-thinking security leaders are no longer looking at privacy as a separate concern, but rather as a core component of a strong security strategy. What was once a theoretical overlap between these two functions is now becoming a practical, day-to-day partnership.

Our team had the opportunity to connect with numerous attendees, and several key themes surfaced consistently in our conversations:

1. The "Aha!" moment—Privacy as a security imperative

There’s a growing awareness—especially among CISOs and security leaders—that privacy isn't a separate concern, but rather an integral part of their work.

Conversations frequently turned to data subject requests (DSRs), cross-border data access, and data visibility. For many security professionals, the lightbulb moment was realizing that privacy demands—like fulfilling a DSR request—often rely on the same data flows, systems, and risk frameworks as traditional security.

The understanding that strong security lays the groundwork for effective privacy compliance, and vice versa, is clearly gaining traction.

2. The urgency of data visibility

One recurring pain point we heard: organizations can’t protect data they can’t see. And today’s data isn’t sitting neatly in databases—it’s scattered across cloud apps, emails, PDFs, internal tools, and shadow IT.

Security leaders told us they’re urgently seeking solutions that go beyond traditional discovery—tools that can surface sensitive data in unstructured environments and across fragmented systems. As AI and automation push the boundaries of data usage, clear visibility into what data exists (and where) has never been more essential.

3. Unlocking broader business value with privacy

One of the most exciting shifts we saw was at the executive level. More leaders are realizing that privacy isn’t just about staying out of regulatory hot water—it’s a way to build trust, unlock innovation, and differentiate in the market.

We spoke with multiple C-suite attendees who are actively positioning privacy as a strategic advantage. From responsible AI deployment to personalized customer experiences based on consented data, privacy is evolving from “compliance checkbox” to business enabler.

4. AI governance is the next (quite complicated) frontier

AI has dominated conference floors for a few years now—and RSA was no exception. But what made the AI conversations at RSA unique was the emphasis on governance.

Security and privacy professionals alike are grappling with how to build ethical, compliant AI systems that don’t compromise user trust or introduce organizational risk. Many shared that they’re still “building the plane while flying it” when it comes to AI governance.

But it’s clear the field is gaining momentum: frameworks are forming, playbooks are being tested, and teams are leaning heavily on their privacy foundations to guide the way.

5. Consent is expanding beyond just marketing

Consent management has traditionally lived in the realm of marketing, but that’s beginning to change. At RSA, we saw real interest from security teams in applying consent controls at the infrastructure and network levels.

The goal? Ensure data is being used in alignment with user choices, while maintaining visibility and intelligence where needed. As privacy expectations evolve, consent is becoming a technical control—not just a banner on a website.

Privacy and security, better together

RSA 2025 made one thing very clear: we’re entering an era where security strategies that don’t account for privacy risks are incomplete by default.

Whether it’s navigating AI governance, mapping unstructured data, or embedding user preferences into data architecture, organizations are recognizing that privacy and security need to be tightly aligned to stay resilient, compliant, and competitive.

We’re thrilled to see these conversations gaining traction—and we’re more committed than ever to helping teams bridge the gap with tools that work for both privacy and security.