RSA Chief Rallies for Intelligence-Driven Security to Help Ensure Trust in the Digital World
RSA Executive Chairman Art Coviello Addresses Chinese IT Security Community with Ideas to Rethink and Rebalance Security Spending, Address IT Skills Shortage and Promote Cyber-Information Sharing Globally
- RSA Executive Chairman Art Coviello outlined an intelligence-driven model for cyber security in his opening keynote at RSA® Conference China 2012.
- Mr. Coviello challenged conventional thinking on security – citing shortages of qualified IT talent, the lack of understanding and cooperation on security issues between nations, and budget inertia as key drivers holding security back from where it needs to be.
- Mr. Coviello advanced four major recommendations for how the industry must adapt to help ensure trust in the digital world.
In his opening keynote at RSA® Conference China 2012, Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, The Security Division of EMC (NYSE: EMC), outlined an intelligence-driven model for cyber security. While addressing the crowd at the third RSA Conference in China, held in Chengdu, Mr. Coviello challenged conventional thinking on security – citing shortages of qualified IT talent, the lack of understanding and cooperation on security issues between nations, and budget inertia as key drivers holding security back from where it needs to be.
Mr. Coviello pointed out that today the vast majority of IT security spending is still allocated towards static and inflexible perimeter-based technologies that are increasingly ineffective against today’s threats. In an age of interconnectivity and openness where breaches are to be expected even among the best-defended networks, the balance must shift to accommodate timely detection and response.
"Without rebalancing this spend it will become increasingly difficult, if not impossible, to detect sophisticated attackers quickly and with enough detail and accuracy to mount an effective defense," Mr. Coviello said. "The perimeter is easily breached and as attacks inside the perimeter continue to become more sophisticated, only equally sophisticated detection capabilities and analytics can enable a response that is quick enough to help avoid loss."
Mr. Coviello also addressed several other issues "holding back security," including the severe skills shortage of competent IT security professionals. A 2011 Global Information Security Workforce Study by Frost & Sullivan suggests that despite a forecasted addition of more than two million new IT security professionals by 2015, it may still not be enough to support global demand. Mr. Coviello also pointed out the lack of cooperation among government entities and a broad lack of understanding among these governments, media, consumers and private and public organizations which position the security industry at a disadvantage against the constantly evolving threat landscape.
"The implication of these forces is holding security back. Security models are not moving fast enough to make the transition from perimeter-based to intelligence-based security, while adversaries become more sophisticated," Mr. Coviello said.
Mr. Coviello advanced four major recommendations for how the industry must adapt:
- Commitment to intelligence-based security – The industry must evaluate risk from both the inside out and outside in, looking at risk in the context of vulnerability, probability and materiality. Based on that information, re-evaluate budgets and balance spending priorities accordingly.
- The best defense is a layered defense – The focus in a layered defense must be on controls that deliver the situational awareness, deep visibility and environmental agility to deter, detect, and defeat sophisticated targeted attacks.
- Find the "right" talent – The "right" talent will be people with more education and training and those working in anti-fraud groups. More value should be placed on security analytic skills over capabilities in traditional security or IT infrastructure management.
- Cooperation – Collectively nurture an ecosystem of governments, vendors and user organizations that work together to foster more trust in the digital world. Additionally, markets have to operate on mutual international respect for intellectual property.
Mr. Coviello added, "We are only as strong as our weakest link and we are interdependent as never before. Attacks on one of us have the potential to be attacks on all. We must adapt and change… The economies of the world are too fragile to run the risk of not tackling this problem head on."
Reflecting on the challenge facing the global security industry and the need for all parties to work cooperatively against mounting digital threats, Mr. Coviello invoked the wisdom of Zhuge Liang, chancellor of the state of Shu Han in second century China:
"In closing I turn again to the wisdom of Zhuge Liang about the need to work together – he said 'It is not wise to continue on alone. We need to wait for our allies.' Let us all be allied in meeting this challenge."
Mr. Coviello's written keynote remarks are available by request in both Mandarin and English. Please email the RSA press contacts listed below.
EMC Corporation is a global leader in enabling businesses and service providers to transform their operations and deliver IT as a service. Fundamental to this transformation is cloud computing. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect and analyze their most valuable asset — information — in a more agile, trusted and cost-efficient way. Additional information about EMC can be found at www.EMC.com.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.
RSA, The Security Division of EMC
+86 1084 38 6588
RSA, The Security Division of EMC
+1 617 413 4333
EMC and RSA are registered trademarks of EMC Corporation in the United States and other countries. All other products and/or services referenced are trademarks of their respective companies.