A number of events in the past ten years have put the IT security industry in a challenging position, according to Art Coviello, executive chairman of RSA, the Security Division of EMC.
These include large increases in data transmission speed and storage capacity, the move from mainframe to web-based resources, the rise of social media, increased connectivity and the move from PCs to smartphones, he told reporters ahead of RSA Conference 2012 in San Francisco.
A new generation of tech-savvy employees has led the consumerisation of IT, and script kiddies have been replaced by attackers that include organised criminals, nation states and hacktivists with political agendas.
With all these changes, Coviello said IT teams are faced with managing what they do not control and security teams are faced with securing what they do not control.
"We have to ensure that organisations have the reach they need to ensure that security continues to exist," he said.
Existing models of perimeter-based security are not keeping up with all this change, which is exacerbating the problem, according to Coviello.
There needs to be an industry-wide recognition of the seriousness of the problem and a commitment to work together to that end, he said.
After analysing the attacks on high-profile organisations, including RSA, in the past year, Coviello said: "We have a much better understanding of what needs to be done."
In the coming week, RSA plans to announce details around work it is doing with various industry partners such as Good Technology and Zscaler to develop next-generation IT security capabilities.
According to RSA, such systems must: be risk-based, enable trust to be constantly verified, extend enterprise identity management to the cloud, manage identity and access from the cloud and involve collaboration across the IT security industry.
Defence in depth also requires security systems to be intelligence-led, to give them the necessary agility and contextual capability to react to changing circumstances, said Coviello.
"Siloed products can't cope; information across the organisation needs to be available to a central analysis engine," he said.
Coviello said RSA understood the importance of maintaining customer confidence from first-hand experience.
He also took the opportunity to re-iterate that no successful attacks had been carried out using information gained from the RSA breach.
"We worked hard to ensure there would be no successful attacks as a result of the breach and to regain customer confidence; our success is borne out by the latest set of financial results," he said.