RSA Conference 2023 Analysis: Key Trends and Takeaways

News Analysis 05 May 2023 Adam Strange Andrew Braunberg Curtis Franklin Don Tait Fernando Montenegro Ketaki Borade Hollie Hennessy Maxine Holt Rik Turner

This News Analysis is included in

Figures & Downloads

Contents

AI may have been everywhere, but cybersecurity’s biggest annual event roared back this year with a broad set of themes, including data security posture management, SASE, and the convergence of cloud and application security.

Omdia view

Summary

This year, RSA Conference (RSAC) was back, in a big way. By the numbers, the event featured more than 40,000 attendees, the most since the pandemic; 500 exhibitors from 140 countries; and 400 keynotes and breakout sessions presented by more than 650 speakers. High-profile attendees included San Francisco Mayor London Breed, US Deputy Attorney General Lisa Monaco, and even RSAC’s first royal visitor, His Royal Highness Prince Constantijn of the Netherlands.

So, what observations did Omdia take away from the conference?

RSA Conference 2023 took on the theme of “Stronger Together,” and on that it certainly delivered. There was the usual vibrancy and intensity among the conversations, but this year there seemed to be a growing feeling of a collectively maturing industry within the discussions. Omdia believes it serves to demonstrate how cybersecurity is evolving into a mainstream component of the IT function, important enough to no longer be considered a peripheral spinoff. RSAC 2023 showed cybersecurity is now taking up a much stronger, more elevated, front-and-center role within organizational business operations.

Across the expo floor and throughout the presentation sessions, a large number of topics were explored, reflecting how cybersecurity has grown and developed. An escalating threat landscape has incentivized vendors to build out a much wider portfolio of cybersecurity defensive capability across a variety of approaches and perspectives. With niche solutions responding to specific threats all the way up to broader integrated platform solutions, choice was much in evidence, offering end users a wider range of options to address their cybersecurity requirements. Differing starting points aside, there did seem to be an air of collaboration among vendors, uniting to combat a widening threat landscape, as evidenced by events at the conference such as one held by the Open Cybersecurity Schema Framework (OCSF).

No one vendor appeared to stand significantly ahead or apart from the field, and there seemed to be an overall feeling of optimism among exhibitors that in the absence of a single universal solution or front-runner, collaboration and partnering is key. The number of attendees appears to indicate there is plenty of interest and opportunity to go around.

Of the wide diversity of themes being promoted, certainly artificial intelligence (AI) and its role in solutions and the debate over security and ethical concerns was omnipresent. In particular, ChatGPT was much in evidence. Though advocates cite AI as the way to both remove monotony from security-related workflows and simultaneously improve security posture, it is also beginning to attract some notable critics. Omdia will watch developments keenly; more research on the evolving role of AI in cybersecurity is upcoming.

This report will examine some of the specific takeaways emerging from the conference.

AI raised as many questions as it provided answers

AI was a significant component of the agenda at RSAC 2023. Microsoft got the ball rolling the day before the conference kicked off, spending most of the time at its traditional pre-RSA media and analyst event extolling the virtues of its new Security Copilot, a generative AI platform with a chat interface for security analysts. Currently in private preview mode, Copilot is one of the fruits of Microsoft’s $11bn investment ($10bn of which came in January this year) in OpenAI, the company behind ChatGPT. Copilot is built on OpenAI’s GPT-4 large language model (LLM), with another model added by Microsoft to give it cybersecurity specificity.

Microsoft made bold claims for its new platform, calling it a game changer for how security analysts will operate and suggesting that, thanks to its use, tier-1 analysts will be able to work on tier-2 types of problems, since the more mundane stuff should become more readily addressable.

This is all well and good, but Microsoft did acknowledge that LLMs can sometimes simply make things up or “hallucinate,” to use the increasingly popular industry term, if some guardrails are not set up for them (the operative term here being “anchoring”). The company even inserted an example into its demo of Copilot, having it refer to problems in Windows 9, which of course does not exist. However, this begs the question: What if a tier-1 analyst is working on a tier-2 problem, and Copilot hallucinates in a far more plausible way? Could its answers lend credibility to false positives, resulting in entirely undesirable results? Omdia expects a variety of such problems will surface over time, leading to an uneven development of AI in cybersecurity solutions.

Data security moves toward security central

Among the data security conversations and presentations at RSAC 2023, two things seem to emerge: some of the long-standing approaches to protecting data are no longer sufficient, and data is finally beginning to take up its rightful place at the heart of cybersecurity planning. These trends were coalescing in a new, more holistic solution approach to discovering and assessing the security of enterprise data, data security posture management or DSPM.

DSPM places data visibility at the heart of the planning process. Simply, through its acknowledgment that data has differing levels of sensitivities (the notion of not all data being equal) and better understanding of how data is being accessed, used, managed, and stored, DSPM enables a better security posture to be created and managed. DSPM moves the industry away from basic levels of perimeter-based data protection, evolving to embrace the data security posture as a whole, including risk identification and assessment, vulnerability remediation, monitoring of security policy, processes and standards, enhancements, and update implementation to continually ensure defenses are as strong as they can be against known threats.

DSPM and its cloud-based cousin, cloud security posture management (CSPM), bring data and cloud infrastructure security to a new level of focus; both showed significant traction among RSAC 2023 exhibitors. It was clear from the show that while there were vendors yet to adopt or even hear of DSPM, a growing trend is nevertheless present among more early-adopter vendors, which are already advocating or are expecting to migrate toward this wider approach. Omdia can see DSPM becoming mainstream for data security through 2023 and beyond.

Proactive tools continue to mature and consolidate

Omdia has been watching what it calls the “proactive” segments of enterprise cybersecurity operations (SecOps) for several years. Historically, these have been very distinct markets, such as vulnerability management, attack surface management, attack path management, and so on. Thinking about them as a group was useful, because they all focused on prebreach use cases, but that grouping was more philosophical than physical.

Figure 1: Understanding proactive security tools Source: Omdia

That is not to say Omdia has not seen some consolidation of functionality, for example, adding attack surface management (ASM) capabilities into the newer risk-based vulnerability management (RBVM) solutions. But it became apparent at RSAC 2023 that several vendors in this space are ready to take things a step further and build out proactive platforms. Tenable, for one, with its exposure management platform, has already made this bet, but expect to see many more vendors move in this direction.

A serious concern is the current level of market confusion. Vendors have yet to strongly articulate the benefits of a proactive platform play, with every vendor moving in that direction using a different phrase to describe it. Omdia is currently tracking at least a dozen different terms to describe this market but believes proactive security should win the day.

RSAC 2023 from the enterprise security management perspective

Within the AI discussions at RSAC 2023, one topic—LLM AI (namely ChatGPT)—dominated, and enterprise security management was not exempt from the generative wave. While AI was present in many conversations, it was far from the only subject that mattered. Risk, automation, and training were major themes that drove discussions at the event and will drive enterprise security management decisions between now and the next RSA Conference.

Risk. Risk, its discovery, measurement, management, and impact on business, was the meta subject that informed most other topics. The push to understand and control risk was driven by the need for cyberinsurance at the lowest cost, and insurance promises to drive cybersecurity spending in 2023 just as regulatory compliance did in 2003.
Automation. The combination of “internet speed” and skills shortages makes machine-based automation an attractive and often necessary component of a cybersecurity architecture. Vendors promised security solutions that automate tier-1 responses while automating the process of bringing the highest-priority events to the attention of human analysts wrapped in context and ready for action.
Training. Employees with improved skills provide responses to two issues confronting the enterprise. In one case, corporate employee training to recognize and respond to cyberthreats changes the risk calculations and lowers a company's risk profile. In another case, cybersecurity staff with enhanced professional skills are better able to protect the company from threats both internal and external. In both cases, training is showing significant objective return on investment. A variety of training providers are bringing new offerings to companies and individuals that see improved human skills as a necessary ingredient in better cybersecurity.

In all of these areas, vendors were either showing their early efforts in LLM AI inclusion or talking about upcoming products that will include the technology. It is important to note that AI was not discussed as a driver for the coming changes but rather as a tool in the vendor responses to larger industry shifts.

AI was top of minds in identity

AI was once again a significant theme at RSAC 2023 in the identity, authentication, and access (IAA) realm.

In identity security, AI will help to support modern, strong, and streamlined identity security programs. AI has the potential to improve the identity lifecycle and remediation processes. On the flip side, bad actors will use the technology for malicious purposes and human impersonation to generate fraudulent revenue streams.

It was interesting to note that in his keynote, Rohit Ghai, CEO of RSA Security, said that “AI will cause us humans to be totally confused about our role in the world,” and that we are facing a “looming identity crisis.” On the downside, he stated that AI “can already write polymorphic malware.” On the positive side, using AI-driven insights and automation will help to accelerate innovation and create more effective user experiences and help to protect against the growing attack surface.

Time will tell whether AI will be a vehicle for good in the world or whether bad actors will use it for even more nefarious acts. Omdia feels that it will be used for both, but it is too early to predict which side will win this evolving battle.

Infrastructure security: SASE and supply chain and API security were in full view

While the buzz around RSA might indicate otherwise, there is more to cybersecurity than AI. While generative AI and large language models offer tantalizing prospects of greater efficiency and user interactions, there is still significant activity around infrastructure security, with two areas worth calling out: secure access service edge (SASE) and the growing proximity of cloud security and application security.

SASE represents an important paradigm shift in regard to the transformation of security architectures in a way that simplifies management of a distributed security layer that covers many network security and content security use cases. At RSAC 2023, Omdia observed interest in different on-ramps into SASE, be it upgrading existing content proxies, modernizing branch networking, or upgrading remote access capabilities from traditional virtual private networks (VPNs) to zero-trust access (ZTA). Vendors of interest include but are not limited to Palo Alto Networks, Fortinet, Cisco, Netskope, Check Point, Skyhigh Security, Versa Networks, and Axis Security (now part of Aruba).

Securing the software supply chain and securing application programming interfaces (APIs) emerges as a key theme as well. Interestingly, these themes act as a “glue” between many vendors working in both cloud security and application security. Omdia has participated in several conversations on how the industry is maturing its approach to building and consuming software bills of materials (“SBOMs”) and how API security emerges as a key concern once basic cloud security posture is addressed. Vendors to watch in this space include Palo Alto Networks, Salt Security, Cequence, Cloudflare, and Neosec (now part of Akamai).

IoT cybersecurity becoming a “must have” technology

Internet of Things (IoT) security was increasingly pulled out in overarching IT solutions as a coverage area or area of expertise. We saw this in ASM products, as an example, with enterprise IoT being included in order to cover the full stack and thus enhance and contextualize risk metrics. IoT is often covered by IT security solutions to some extent, but it is encouraging to see vendors explicitly call this out and recognize the importance of securing IoT devices within enterprise security.

That said, vertical-specific solutions were also heavily discussed with product enhancements and technology development, especially in the operational technology (OT) and industrial control system (ICS) space. Exhibitors even included Rockwell Automation, showcasing its cybersecurity capabilities. The OT security market has been moving toward more active solutions, and we saw more vendors offering active techniques as expected but also more focus on preventive solutions at the device level.

Though it is still a niche market, the range of technologies are creating an ecosystem encompassing visibility and response (which make up the bulk of the market) as well as solutions promoting resilience of OT networks and devices, covering off a wider range of cybersecurity capabilities for industrial customers. Partnerships and knowledge sharing is therefore key, not only for comprehensive OT security coverage but also for the industry in general. Emerging THreat Open Sharing, or ETHOS, was launched at RSAC 2023. The open source knowledge-sharing platform with founding members across key OT security and industry players is likely to have a notable impact on the evolution of various solutions.

Cloud security overlapping AppSec at many levels

As expected, cloud security was a key topic at RSA. Interestingly, the common theme around cloud security this year was cloud-native application protection platforms (CNAPP) but also a broader convergence of cloud security with application security. It was notable how easily conversations starting at the application security level moved to cloud-native application security. Some of the challenges highlighted in conversations were the “shift left” to “shift right” (or pre- and post-runtime application security) efforts, how to implement DevSecOps approaches, and ways to bridge the gap between the security and development teams. With skill shortages still top of mind for cloud security, vendors were focused on being able to provide developer-oriented and easy-to-use products. Amid these challenges, the discussion of the convergence of application security—including API, supply chain, infrastructure-as-code, and cloud security; cloud workload protection platform (CWPP); CSPM; CNAPP; and others—is expected to remain a key topic moving forward.

Omdia sees the cloud security space expanding to include a mixture of different kinds of vendors. Large vendors such as Palo Alto Networks, Fortinet, and Check Point come to market with the strengths of their existing product lines, often building up a cloud platform to become a one-stop shop, some organically and some through M&A activity. On the other hand, newer vendors such as Orca, Wiz, and Lacework among others come to market with a similar platform approach, though often working collaboratively in partnership with other vendors in the ecosystem. Both sets of vendors continue to refine their approaches to solving the ever-present cybersecurity challenges for cloud environments.

Though AI was a topic driving many conversations, few cloud and application security vendors demonstrated a strong position around AI-driven automation at product level.

The basics matter

The show floor did not have “generative AI” plastered everywhere, but it was certainly a topic of conversation. Less of a topic and even less evident on the show floor, but even more important, were the discussions about the basics of cybersecurity. Knowing what an organization needs to protect, the relative importance of those assets related to the core purpose of the organization, and how they must be protected was described as “boring but essential,” and Omdia could not agree more.

Cyberattacks continue to proliferate. These are not new types of attacks; the majority are based on tried and tested methods. Vulnerabilities that were around two years ago are still being exploited today, because organizations are failing to manage those vulnerabilities. Threat actors continue to exploit those vulnerabilities, not because they are clever but because they can. Most would agree that security is difficult and complex, but getting the basics right—good, solid cyberhygiene—can seriously reduce the risk to organizations from security incidents and breaches. Furthermore, being prepared for the inevitable means that when an attack does happen, there is a process in place that means the incident might not turn into a breach, or if it does, it is shut down quickly.

In comparison with the overall spend on cybersecurity, these are not the most expensive components of what needs to be done, but they could return significant value. It is very well worth reviewing the basics.

Authors

Adam Strange, Principal Analyst, Data Security

Andrew Braunberg, Principal Analyst, Security Operations

Curtis Franklin, Principal Analyst, Data Security

Don Tait, Senior Analyst, Identity, Authentication, Access

Fernando Montenegro, Senior Principal Analyst, Infrastructure Security

Hollie Hennessy, Senior Analyst, IoT Cybersecurity

Ketaki Borade, Senior Analyst, Infrastructure Security

Maxine Holt, Senior Director, Cybersecurity

Rik Turner, Senior Principal Analyst, Emerging Cybersecurity

askananalyst@omdia.com

The Analyst Team

Adam Strange

Principal Analyst, Data Security

Adam Strange is responsible for delivering a comprehensive analysis and insight program focused on data security within the Omdia cybersecurity research function, supporting vendor, service provider and enterprise clients. Adam brings comprehensive experience of the cybersecurity industry, having worked for a series of UK-based channel and global vendor organisations.

Adam has spent his career working in enterprise IT and cybersecurity. He joined Omdia in Feb 2023, from data classification vendor Boldon James where he ran the marketing communications function. Prior to that, Adam worked within the cybersecurity business at BAE Systems, where he specialised in managed security, fraud prevention and anti-money laundering services in UK government and the Financial Services industry. Previously, Adam spent 8 years at Oracle UK promoting secure database solutions both directly and with partners. Before Oracle, he lead the enterprise solutions marketing team at Computacenter. Adam has an MSc in corporate management from Cranfield University.

Adam Strange

Andrew Braunberg

Principal Analyst

Andrew supports Omdia's Cybersecurity Operations (SecOps) Intelligence Service research practice, guiding vendor, service provider, and enterprise clients. He provides thought-leading analysis on technologies, trends, and innovations in enterprise security operations centers (SOCs), and specifically on the proactive technologies used to avoid breach such as vulnerability management and attack surface management.

Andrew has been covering, researching, and speaking on topics related to enterprise information technology for approximately 20 years. Prior to joining Omdia (formerly Ovum) in 2022, Andrew spent five years at NSS Labs where he led the analyst group and worked closely with the company’s security product testing team.

Prior to NSS, Andrew spent more than a decade at GlobalData (formerly Current Analysis), where he managed the enterprise team and was the firm’s principal security analyst. Over his career, Andrew’s coverage has ranged from endpoint protection suites to network security appliances and solutions for protecting cloud-based assets.

Andrew Braunberg

Curtis Franklin

Principal Analyst, Enterprise Security Management

Curtis Franklin Jr. is a Principal Analyst at Omdia, focusing on enterprise security management. Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now and executive editor, technology, at InformationWeek where he was also executive producer of InformationWeek's online radio and podcast episodes.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Curtis Franklin

Don Tait

Senior Analyst, Identity, Authentication, Access

Don is Omdia’s Senior Analyst for the cybersecurity team, bringing more than 20 years of research, consulting, and insights experience to his role as a lead analyst in the area of identity, authentication, and access.

Don has provided analyses on smart cards, payment and banking cards, near-field communications (NFC), and contactless credentials. He has presented the findings from his reports at many events and has written feature articles on his areas of expertise for leading journals and publications. Prior to joining Omdia, Don was a telecoms research analyst at Frost & Sullivan, responsible for the firm's broadband services subscription. He was also a marketing consultant at MSI Reports Limited, where he wrote industrial, healthcare, and telecommunications reports. Don has a Bachelor of Arts (Hons.) in business studies from Edinburgh Napier University in Scotland. He is based in the UK.

Don Tait

Fernando Montenegro

Senior Principal Analyst, Cybersecurity

Fernando is a Senior Principal Analyst on Omdia’s cybersecurity research team, based in Toronto, Canada. He focuses on the Infrastructure Security Intelligence Service, which provides vendors, service providers, and enterprise clients with insights and data on network security, content security, and more.

Fernando’s experience in enterprise security environments includes network security, security architecture, cloud security, endpoint security, content security, and antifraud. He has a deep interest in the economic aspects of cybersecurity and is a regular speaker at industry events.

Before joining Omdia in 2021, Fernando was an industry analyst with 451 Research. He previously held a variety of operations, consulting, and sales engineering roles over his 25+ years in cybersecurity, always focusing on enterprise security at organizations including vArmour, RSA, Crossbeam, Hewlett Packard, and Nutec/Terra. Fernando holds a Bachelor of Science in computer science and different industry certifications.

Connect with me on Mastodon.

Fernando Montenegro

Ketaki Borade

Senior Analyst, Infrastructure Security

Ketaki Borade supports Omdia’s Infrastructure Security research practice. She is responsible for qualitative and quantitative analysis of key vendors in the service. She provides insights into technology, market trends, and competitive landscape.

Ketaki brings her eight years of experience in consulting and syndicate research to this role. Ketaki has researched the semiconductor market for three years with MarketsandMarkets. Prior to joining Omdia, she worked with Canalys for five years as a cybersecurity analyst. She was leading the North American security practice for endpoint security, network security, email and web security, and vulnerability management with channels insights. Ketaki has a bachelor's degree in electronics and telecommunications and a master’s degree in operations.

Ketaki Borade

Hollie Hennessy

Senior Analyst, IoT Cybersecurity

Hollie provides insight into the fascinating and fast-moving domain of IoT cybersecurity.

Hollie has a range of experience in research. She began her career in the legal sector, writing and researching for expert witness reports on the labor market. She then moved into product testing, with a consumer protection focus. In this role, she was responsible for managing comparative tests of various technology products, as well as regular testing and investigative work into the security of these products.

She has published articles in Which?, one of the UK’s largest subscription magazines, produced by the country’s largest consumer organization; and Computing magazine.

Hollie Hennessy

Maxine Holt

Senior Director, Cybersecurity

Maxine Holt leads the Omdia cybersecurity research group and is the lead architect of the Omdia Cybersecurity Ecosystem. Her team delivers a comprehensive cybersecurity research program to support vendors, service providers, and enterprise clients. Maxine also leads the Omdia Analyst Summit at the high-profile Black Hat event series.

Maxine has spent her entire career as an IT and security professional. She has been at Omdia since 2018, following a spell at the Information Security Forum (ISF), developing thought-leading security research for ISF members. Before ISF, Maxine spent 15 years in research at Ovum, starting her career as a software developer in the financial services industry and consulting for the financial services and internet sectors. Maxine is a regular event speaker and contributes articles to high-profile publications in cybersecurity.

Maxine Holt

Rik Turner

Senior Principal Analyst

Rik is a senior principal analyst in Omdia's IT security and technology team, specializing in cybersecurity technology trends, IT security, compliance, and call recording.

Rik has also worked in Omdia's financial services technology team, with a specialization in capital markets technology. Prior to joining Informa (now Omdia), he worked as an IT journalist, specializing in networking and security. He was also a foreign correspondent in Brazil, where he worked, among others, for the Financial Times and The Economist.

Rik Turner

Show All

Companies Show all

Microsoft

Geographies Show all

Global

You must sign in to use this functionality

Authentication.SignIn.HeadSignInHeader

Ask An Analyst

Omdia Recommends

These are Omdia driven recommendations based on content that is both similar, and has been frequently visited by other users in combination with the content you are currently viewing.

Omdia Recommends

Our expert analysts will review your question and the Ask an Analyst team will get back to you. We aim to respond within 24 hours, but we’re often quicker.

Our team of experts are here to answer your questions. From advice on market trends to a query on research point, and everything in between, we want to hear from you.

Ask an analyst is available as part of a subscription. If you'd like access, contact us today.

Please make sure all fields are completed.

From

Your Question

This question field is mandatory

Preferred response PREFERRED ANALYST/S

Cancel

RSA Conference 2023 Analysis: Key Trends and Takeaways

Contents

Figures & Downloads

Omdia view

Summary

AI raised as many questions as it provided answers

Data security moves toward security central

Proactive tools continue to mature and consolidate

RSAC 2023 from the enterprise security management perspective

AI was top of minds in identity

Infrastructure security: SASE and supply chain and API security were in full view

IoT cybersecurity becoming a “must have” technology

Cloud security overlapping AppSec at many levels

The basics matter

Further reading

Authors

The Analyst Team

Adam Strange

Andrew Braunberg

Curtis Franklin

Don Tait

Fernando Montenegro

Ketaki Borade

Hollie Hennessy

Maxine Holt

Rik Turner

Companies Show all

Geographies Show all

You must sign in to use this functionality

Authentication.SignIn.HeadSignInHeader

These are Omdia driven recommendations based on content that is both similar, and has been frequently visited by other users in combination with the content you are currently viewing.

Omdia Recommends

Thank you

Ask an Analyst

RSA Conference 2023 Analysis: Key Trends and Takeaways

Contents

Figures & Downloads

Omdia view

Summary

AI raised as many questions as it provided answers

Data security moves toward security central

Proactive tools continue to mature and consolidate

RSAC 2023 from the enterprise security management perspective

AI was top of minds in identity

Infrastructure security: SASE and supply chain and API security were in full view

IoT cybersecurity becoming a “must have” technology

Cloud security overlapping AppSec at many levels

The basics matter

Further reading

Authors

The Analyst Team

Adam Strange

Andrew Braunberg

Curtis Franklin

Don Tait

Fernando Montenegro

Ketaki Borade

Hollie Hennessy

Maxine Holt

Rik Turner

Companies Show all

Geographies Show all

These are Omdia driven recommendations based on content that is both similar, and has been frequently visited by other users in combination with the content you are currently viewing. Omdia Recommends

You must sign in to use this functionality

Authentication.SignIn.HeadSignInHeader

These are Omdia driven recommendations based on content that is both similar, and has been frequently visited by other users in combination with the content you are currently viewing. Omdia Recommends

Thank you

Ask an Analyst

These are Omdia driven recommendations based on content that is both similar, and has been frequently visited by other users in combination with the content you are currently viewing.

Omdia Recommends

These are Omdia driven recommendations based on content that is both similar, and has been frequently visited by other users in combination with the content you are currently viewing.

Omdia Recommends