Click here to receive your FREE subscription to Campus Technology
News
Assess Security and Boost Innovation, Says RSA Exec
4/14/2008
Art Coviello kicked off RSA Conference 2008, his company's namesake information security conference, yesterday (April 8) in San Francisco with a warning."We're in a perfect storm," said Coviello, RSA's president.
He described the elements making up that storm. We have technical innovations that are supporting increasingly sophisticated attacks, and those problem areas are showing up as end users are becoming overwhelmed by security protocols and policies.
"Users of every stripe are confronted every day with cryptic dialog boxes that ask, 'Are you sure?'" he said. "It's the technology equivalent of, 'Do you feel lucky today?' One wrong click can jeopardize livelihoods and identities."
Concerns about security are stifling business innovation, he said, as a result of this convergence.
"More than 80 percent of IT, security and business executives surveyed admit that their organizations have shied away from business innovation opportunities because of information security concerns," Coviello told his audience. He pulled those numbers from resent IDG research commissioned by RSA.
We can calm this storm, he said, with a change of mindset, from "no" to "how." Enterprises that view security as a necessary evil -- and that's most of them, Coviello said -- should examine their prejudices and stop viewing security as a business impediment.
"The next time a new idea comes up," he said, "don't start by saying it isn't secure. Start by evaluating exposures, the probability of the exposures being exploited, and the materiality of the consequences. Then put forth a plan to reduce risk in all three areas. Nothing should be done unless it is in the context of risk."
And while you're at it, lose the attitude about your security people. They're not the bad guys, and you need to work with them.
"The recommendations of our research group are clear: Align the [security] practitioner with the business, and align the implementation of security with the risk," he said.
His term for this change of mindset, "thinking security," aims to drive a data-centric approach to security down into the enterprise infrastructure, eliminating the view that IT security is a separate function. It envisions organizations making high-level risk assessments, collecting and analyzing threat data and easing the burden on the end user to adhere to security policies.
This change of mindset would "catapult" security to "a new plane," Coviello said, "where [security] is widely seen as an accelerator of innovation."
Coviello called on the U.S. Congress to spend more on education to produce better-trained developers and IT workers, and to establish a "breach notification" law that creates a single federal standard, and a national standard, for safeguarding sensitive information. He added his hope that the House of Representatives would pass the cyber-crime bill that was passed by the House in 2007.
Recommended Reading
- RIAA Outsources Fingering of Students Who Share Music Illegally
The RIAA is outsourcing the hunt for music thieves. Its largest target currently is those who operate from within colleges and universities, a move that has piqued the attention of Educause.
- Microsoft Expands Education Footprint in Asia Pacific Region
Microsoft Chairman Bill Gates announced new partnerships to extend accessibility and computer literacy in the Asia Pacific region during a speech in Jakarta at a government leader gathering earlier this week.
- IT Struggling Over Security, Compliance
IT pros are having a hard time balancing security, software patch management and IT auditing with a host of other duties, according to a survey released Monday by Shavlik Technologies.
- Toronto College Upgrades Network with Gigabit Ethernet Wireless Links
Toronto-based George Brown College has gone public about its deployment of six BridgeWave GE60 wireless links to upgrade its campus-wide network.
- Gates Highlights R&D at CES08, Unveils Microsoft Touch Wall
Microsoft's Chairman Bill Gates spent a lot of time Wednesday talking about "empowering the workers" at the Microsoft's 12th annual CEO Summit 2008 in Redmond, WA, where he gave a keynote speech. However, Gates wasn't talking about political revolutions or even pay raises for office workers before the CEO crowd. Instead, he was referring to new software technologies that can better enable collaboration, social networking and decision-making on the job.
- Vista Vulnerability Study Puts Microsoft on Defensive
Microsoft and some independent security researchers had the blogosphere buzzing Wednesday over a series of denunciations after one company claimed that the Vista operating system was more vulnerable to malware and other exploits than previous operating systems.
