RSA 2008 Kickoff Keynote


Art Coviello, Executive Vice President, EMC Corporation and President, RSA, The Security Division of EMC, gave the opening keynote this morning at RSA. I found his talk interesting and did my best to pull out some of the key points he made. I am going to use a lot of his words, and unfortunately I did not catch who all the quotes were from, so I won’t be giving credit to the proper people, but if I can dig up the text of the speech I will link to it.

For the practitioners, he planned to talk about how we can overcome the stereotype and inspire confidence in business executives to innovate. He mentioned that in most global organizations security is viewed at best as a necessary evil and oftentimes as a necessary friction. Security practitioners are viewed as people preventing the business from doing what it needs to do.

This is a problem. If management thinks we are actually hindering business efforts, everything will be an uphill battle. He mentioned that our job is not to say NO to projects because they are insecure but instead to ask HOW they can be made secure: evaluate the exposures, the likelihood of the exposures being exploited, and the materiality of the consequences. This will allow you to reduce risk.

Being effective in managing and reducing risk is going to directly correlate to your knowledge of the business. Someone was quoted as saying, “If you are doing your job, you shouldn’t even sound like a security person.” This is so true. I can sit in my office and talk until I am blue in the face about security risks, how many viruses or spam messages we block, how many attempts to get through the firewall we log, but come budget time the real question from management is going to be how this helps us achieve our core competencies and how it helps us do business. This means we need to align ourselves with the business in order to succeed. A quote from Coviello that I really enjoyed was, “If we focus on security as an end in itself or simply react to the threat du jour, costs will continue to skyrocket and we will continue to solve yesterday’s problems.”

I’m going to gloss over his advice to regulators and policy makers. The key thing I grabbed here was that the complexity of regulations means fewer resources are spent on solving business problems and more are spent on regulatory issues. This causes multiple problems, one of which is that IT departments start looking at the least they can do to get a checkmark as opposed to solving the problem.

He then got into “Thinking Security,” which he explained as mechanisms that can understand information and safeguard it intelligently throughout its lifecycle, instead of tools that blindly lock down data. He made reference to how humans think about security and how we define important information; that same methodology needs to be applied on the technology side. The “Think Security System” will monitor how information is used and adapt the security around it. Sounds like a good idea to me.

In the end, we as practitioners need to be innovative and think differently about security. Everyone needs to play ball, though: regulators, policy makers, and vendors all have to take part to make it work.