Click here to receive your FREE subscription to Campus Technology
News
Assess Security and Boost Innovation, Says RSA Exec
4/14/2008
Art Coviello kicked off RSA Conference 2008, his company's namesake information security conference, yesterday (April 8) in San Francisco with a warning."We're in a perfect storm," said Coviello, RSA's president.
He described the elements making up that storm. We have technical innovations that are supporting increasingly sophisticated attacks, and those problem areas are showing up as end users are becoming overwhelmed by security protocols and policies.
"Users of every stripe are confronted every day with cryptic dialog boxes that ask, 'Are you sure?'" he said. "It's the technology equivalent of, 'Do you feel lucky today?' One wrong click can jeopardize livelihoods and identities."
Concerns about security are stifling business innovation, he said, as a result of this convergence.
"More than 80 percent of IT, security and business executives surveyed admit that their organizations have shied away from business innovation opportunities because of information security concerns," Coviello told his audience. He pulled those numbers from resent IDG research commissioned by RSA.
We can calm this storm, he said, with a change of mindset, from "no" to "how." Enterprises that view security as a necessary evil -- and that's most of them, Coviello said -- should examine their prejudices and stop viewing security as a business impediment.
"The next time a new idea comes up," he said, "don't start by saying it isn't secure. Start by evaluating exposures, the probability of the exposures being exploited, and the materiality of the consequences. Then put forth a plan to reduce risk in all three areas. Nothing should be done unless it is in the context of risk."
And while you're at it, lose the attitude about your security people. They're not the bad guys, and you need to work with them.
"The recommendations of our research group are clear: Align the [security] practitioner with the business, and align the implementation of security with the risk," he said.
His term for this change of mindset, "thinking security," aims to drive a data-centric approach to security down into the enterprise infrastructure, eliminating the view that IT security is a separate function. It envisions organizations making high-level risk assessments, collecting and analyzing threat data and easing the burden on the end user to adhere to security policies.
This change of mindset would "catapult" security to "a new plane," Coviello said, "where [security] is widely seen as an accelerator of innovation."
Coviello called on the U.S. Congress to spend more on education to produce better-trained developers and IT workers, and to establish a "breach notification" law that creates a single federal standard, and a national standard, for safeguarding sensitive information. He added his hope that the House of Representatives would pass the cyber-crime bill that was passed by the House in 2007.
Recommended Reading
- Gates Highlights R&D at CES08, Unveils Microsoft Touch Wall
Microsoft's Chairman Bill Gates spent a lot of time Wednesday talking about "empowering the workers" at the Microsoft's 12th annual CEO Summit 2008 in Redmond, WA, where he gave a keynote speech. However, Gates wasn't talking about political revolutions or even pay raises for office workers before the CEO crowd. Instead, he was referring to new software technologies that can better enable collaboration, social networking and decision-making on the job.
- Vista Vulnerability Study Puts Microsoft on Defensive
Microsoft and some independent security researchers had the blogosphere buzzing Wednesday over a series of denunciations after one company claimed that the Vista operating system was more vulnerable to malware and other exploits than previous operating systems.
- Vista Vulnerability Study Puts Microsoft on Defensive
Microsoft and some independent security researchers had the blogosphere buzzing Wednesday over a series of denunciations after one company claimed that the Vista operating system was more vulnerable to malware and other exploits than previous operating systems.
- New Blackboard Sync Application Leverages Facebook
Blackboard Inc. today announced Blackboard Sync, an application that allows students to receive course updates and communicate with classmates while logged on to Facebook.
- Standards: The Sooner the Better
Technology solutions work best when they well together. That is why the nonprofit group IMS Global Learning Consortium is developing learning tools interoperability standards for the education technology community...
- U.K. Education Group Escalates Microsoft Complaints
A consultancy to the U.K. government has forwarded complaints about Microsoft's licensing and interoperability practices to the European Commission (EC), according to an announcement issued by the Becta consulting group Monday.
