So Long, Security Silos

SAN FRANCISCO -- RSA Conference -- Data growth, its increasing value to the enterprise, and the resourcefulness of cybercriminals underscore the importance of multi-layer security for enterprises, and the equally large parallel requirement of security simplification, the president of RSA said this morning in his opening keynote here.

"Security has traditionally been about imposing limitations, rather than lifting them. It's time to force that to change," said Art Coviello, president of EMC's RSA security division. Threats and challenges should not be the only motivation -- opportunities like accelerating new ways of doing business must also factor highly into the mix.

He went on to challenge the audience to think about security, not just in terms of firewalls and antivirus software, but also fungible assets, the customer experience, internal assets, and brand integrity. "Security impacts all that and we must treat security within that broader context," he said. "Information security has become a complete misnomer -- we've protected the perimeter but not the information itself. Despite digital rights management (DRM), we haven't linked security to DRM. And information has this nasty habit of wanting to move around.

"Security can no longer exist in silos in our companies or in the industry, or as a tactical afterthought," Coviello added. "It's no longer enough to build an outside-in approach -- we must simultaneously master an inside-out approach mapped to security -- an info-centric approach."

The fact that this new business model just happens to map to EMC's reasons for acquiring RSA wasn't lost on the audience, or an interviewer who posed questions to Coviello and his boss, Joe Tucci, EMC's chairman, who later joined Coviello on stage. With EMC (and Cisco, IBM, Microsoft, Oracle, and others) trying to be enterprises' one-stop infrastructure management stop, will discounts for volume or loyalty be forthcoming?

Tucci sidestepped the issue but offered up this politic response: "We'll make sure we drive down costs for customers and that they get better prices across the board. I guarantee it."

In that same vein, Coviello said vendors didn't understand the complexity they were introducing to customer networks, particularly where security's concerned. And he claimed vendor combos like EMC-RSA can actually simplify security and management.

"To have security tightly woven in makes more sense for everyone," Coviello said, adding that RSA was launching a risk assessment consultancy via EMC's professional services organization.

— Terry Sweeney, Editor in Chief, Dark Reading