Formerly with technology firms such as BMC and Computer Associates, Dave Hansen has forged a career covering a broad spectrum of roles from leading business units, to being the CIO at CA, to assuming the full reins of the current president & CEO role at security firm SafeNet.
CWHK: What do you see as the biggest threats or security challenges today?
Dave Hansen (DH): One thing that I view as one of the biggest trends and one that I believe matters most to businesses today is that people are now realizing that security must be as close as possible to the asset that they are protecting. That's an important concept as my former Chief Security Officer at CA once pointed out to me in 2007—the candy-coated shell that we call the perimeter is cracking— today it no longer even exists.
So when people look at the concept of perimeter security, it's really about securing the asset and where that asset is located. Companies and individuals need flexibility in locating these assets in the place of their choice, the device of their choice. So now people are much more serious about putting in encryption in places where it's critical to protect.
There's great progress in threat detection and threat prevention systems but breaches are inevitable — the reality is that when you do get breached what is your next step? Your board will ask instantly if the breach accessed any critical data and if that data encrypted?
CWHK: But companies can't encrypt everything right?
DH: Correct, but companies need to make their own assessment on what is critical. So at CA for example, we didn't have consumer credit card info, we didn't have customers' personal details. But we did have employee information and intellectual property, so it was clear to us that these were our critical assets and priority areas to protect.
If you look at a company like Netflix for example, what is critical to them is their video content obviously but also their data on which devices are certified and approved to view their content.
SafeNet works with Netflix via cloud services to ensure that subscriber devices are certified and authorized to access Netflix content. They don't want people spoofing devices and getting free access to movies—that's lost revenue.
So we see a lot more happening at the file and database level where people are now prioritizing their IP and critical data. CIOs in the past have struggled a little bit in this respect as it was an exhausting and onerous task but now the priority is there and the technologies are available to help.
CWHK: Security is clearly an issue for the public cloud, but what about the private cloud?
DH: Regardless of whether we are talking about cloud or not, if we take a typical enterprise today it will virtualize its infrastructure at many levels. As it does that it becomes very easy to move workloads across virtual servers, easy to make copies of say an SAP instance and you soon get what is called virtual sprawl.
Sign up for CIO Asia eNewsletters.