Blue Coat is looking to partner with business, says chief security strategist

Information security is about what you can make possible for the business, says Blue Coat's Hugh Thompson

Information security is about what you can make possible for the business, says Hugh Thompson, chief security strategist at security firm Blue Coat.

This is the guiding principle for the company’s product development and acquisition strategy, he told Computer Weekly.

“Information security professionals and suppliers increasingly have to adapt to the speed of business as quickly as they can,” said Thompson.

This includes being able to deal with advanced and highly targeted threats through technologies such as sandboxing and the ability to do forensics, set policy automatically, and share threat intelligence.

“This approach means that if something happens, then we learn from it globally and we can prevent it from happening again,” said Thompson.

Another key element is creating what he calls “safety nets” that enable the business to be confident and comfortable in taking more risks by using new technologies to win in their marketplace.

Companies are increasingly looking to technology for competitive differentiators in a way they have not done in the past.

“We want to build technology that can be put on the network to allow you to embrace technologies such as Dropbox and Google Docs, and roll out new services in a secure way,” said Thompson.

Partner with businesses

As a supplier, Blue Coat is looking to partner with businesses rather than being the people who enable IT security officers to say ‘no’, he said.

For example, Blue Coat is enabling insurance companies to accept photos from customers to initiate claims by scanning the images at the gateway to ensure no malware passes into company systems.

Similarly, credit companies are able to expose their internal risk assessment apps to car dealers to win business through prompt responses because of Blue Coat’s ability to block any malicious input from reaching the app.

As part of this strategy, Blue Coat is building on its dominant market position in secure web gateway and proxy products to focus on security as a means to make other things possible.

“We re-tasked the company around that mission in May 2013 and have made a few acquisitions to support it,” said Thompson.

These include SSL visibility and inspection firm Netronome; security analytics and forensics firm Solera Networks; and threat discovery, malware analysis and sandboxing firm Norman Shark.

These acquisitions have also helped Blue Coat support the idea that while companies should protect as well as they can, they should also have the ability for recovery when bad things happen, said Thompson.

“Companies are confident to do edgier things because they know they can identify malicious activity very quickly and block it,” he said.

Demand for technology to support this approach has grown in recent months, he said, driven in part by a large number of high-profile data breaches in the news.

“A year ago, many companies believed they could protect their data by locking things down, but now they are starting to realise that bad things happen even to those that take security seriously,” said Thompson.

The move has been led by financial services companies that tend to be early adopters of new security strategies and technologies.

Forensic investigations

“These companies understand the need for this approach because many have had to do post-incident forensic investigations using third parties,” he said.

“They have seen how unsatisfying the answers usually are and so they are now asking if they can put a technology infrastructure in place to be able to do this stuff quickly.”

Financial services firms and government agencies are leading the demand for the ability to recover and provide accurate answers to the public and the board quickly, he said.

“This enables companies to say exactly how bad a breach was without having to continually revise severity assessments and take immediate steps to block an attack and recover,” said Thompson.

“Outside finance and government, there is still a need to encourage organisations to treat data security in the same way as other types of safety by including ways to cope when they go wrong.”

Thompson said this approach will become more important as companies increasingly need to adopt technology such as cloud computing at a faster rate just to remain competitive and support growth.
