Security Budgets Require Better Alignment To Address New Threats, New Mindset

In a joint opening keynote at RSA Conference London 2012, the top two executives at RSA, The Security Division of EMC, shared ideas and experiences about the critical issues affecting security organisations throughout the world – that outdated strategies, approaches and technologies are holding back security organisations from effectively protecting against rapidly evolving risks and advanced threats.

While addressing the crowd, Art Coviello, Executive Vice President for EMC and Executive Chairman of RSA, cited unbalanced security budget allocations, a shortage of skilled talent and the “perception versus reality gap” as key challenges hampering the effectiveness of security organisations.

Coviello offered an intelligence-driven security model based on a thorough understanding and reprioritisation of business risk. The resulting risk mitigation strategies, when implemented, produce threat-resistant organisations that also meet compliance mandates. This model requires agile controls based on pattern recognition and predictive analysis, and the use of big data analytics to give context to vast streams of data from numerous sources.

RSA President Tom Heiser echoed Coviello’s call for an intelligence-driven security model and drew from his many discussions in 2012 with security practitioners, leading government experts, law enforcement and others in the industry to offer insights and best practices. Heiser pointed out several noteworthy examples of progress being made by organisations on the leading edge of employing a risk-based, intelligence-driven security strategy:

Some organisations are evolving the traditional Security Operations Center into an advanced Security Analytics Center, delivering the situational awareness and threat analytics required for active defense.

Organisations are putting increased focus on authentication and access management controls as they enable more access to networks and digital resources, especially in light of mobile, cloud and the Bring Your Own Device “user revolution.”

Organisations are shifting the relationship between compliance and security to ensure that a strong security posture, with appropriate reporting, can lead to a strong compliance posture.

Discussions about cyber risk and security are happening more at the board level as senior executives turn to their security teams to help them better understand the risks to their business.

Heiser concluded by explaining that progress in security may seem to be met with new challenges but that, in aggregate, he sees evidence that mindsets are changing. There is a clearer view of the new risks facing the industry, and there is an increase and new urgency in information sharing. Finally, perimeter-centric approaches to security are being replaced by a more mature model that, if done right, can offer organisations confidence in their ability to defend today’s open, hyper-connected and distributed digital infrastructures.

“The implication of these forces is that security models are not moving fast enough to make the transition from perimeter-based to intelligence-based security while adversaries become more sophisticated. Confusion about what to do abounds because of this ‘perception versus reality’ gap as well as an increasing spread between sophisticated and naïve organisations, largely based on the aptitude of personnel,” said Art Coviello, Executive Vice President, EMC and Executive Chairman, RSA.

“In an age of openness where successful breaches are to be expected, if not inevitable, the balance of security spending must shift. Without rebalancing this spend it will become increasingly difficult, if it isn’t already, for organisations to have the ability to timely detect a breach and have the capability to respond fast enough to avoid loss,” said Coviello.

“One thing that’s evident in my discussions with customers is that many of them do recognise the need to change their mindset and how they approach security. More companies every day are acknowledging that in order to survive in this new era of attacks we all have to accept the fact that bad guys are in our network. Period. It is a fact of life in our connected, consumerised digital world,” said Tom Heiser, President, RSA.

“Fortunately I am seeing more companies move past the knee-jerk reaction that says any form of breach is a catastrophic failure. Customers, more executives and more boards of directors are starting to understand that accepting the fact that intrusions will occur is not the same as accepting that losses of sensitive information, malicious vandalism or other harm have to occur. They are adopting new tools and new tactics to balance broad, easy access to information with agile, effective security,” said Heiser.


Updated Date: Feb 02, 2017 23:49:34 IST