IT Execs Must Shift Security Approaches
Wed, February 29, 2012
Computerworld — SAN FRANCISCO -- IT security executives must secure what they cannot directly control to properly protect enterprise data in the coming years, said industry executives at the RSA Conference 2012 here this week.
The confluence of cloud computing, mobile technologies and IT consumerization is driving massive changes in how enterprise data is accessed, used and shared.
Rather than fight the changing data management landscape, enterprises should look to accommodate it in a secure and practical way, the executives said.
"We need to rethink how we secure the enterprise," said Enrique Salem, president and CEO of Symantec, in a keynote speech. "We need to stop saying 'No' and partner with our user community" to enable the secure use of new technologies and social media tools, Salem said.
Long-held notions about enterprise security need to be jettisoned, Salem said. "This new world is one where we don't control the device," he said.
Enterprise data is increasingly being accessed and shared through channels over which IT has little direct control: personal mobile devices and social media networks used by workers, and servers hosted by cloud providers.
"With the expanded use of private and public clouds we don't know where our data resides or when a specific workload is being run," Salem said.
Traditional security models that focus on perimeter and network controls won't work in the new IT environment, he said. Companies must start implementing controls that can securely authenticate, authorize and audit user access through nontraditional means.
Instead of having only firewalls to prevent malicious code from entering a network, companies should start adding controls that can keep critical information within it, Salem said.
"For the first time since the dawn of IT technology, savvy consumers and employees are adopting technologies faster than enterprises can absorb them," said Art Coviello, president of EMC's RSA division.
The ramifications of the trend are significant, he said.
"IT organizations must learn to manage what they cannot directly control and security organizations must learn to protect what they cannot control," Coviello said.
Over the past 10 years, he noted, data volumes, data access speeds, the use of mobile technologies and social media tools and risk levels have all increased by several orders of magnitude. "If Facebook were a country it would be the third largest on the planet right now," he said.
Protecting enterprise data in the new environment is far different from what current security models allow, he added.