Q: Big data and analytics are hot now. Will it play a big part in security? While its contribution to the business is difficult to quantify, do you see some organisations making headway on this?
Dr. Thompson: Big data analytics and security is going to be huge and will transform entire industry. There are cases where big data has been used very effectively to enhance security—at Blue Coat we analyse over a billion web requests every day and without that data it would not be possible to handle these requests. We are moving into a period where we can quantify the contributions of security to businesses, but we are less concerned about measuring what we have prevented. Rather, we look at what we've made possible.
Q: Consumerisation of IT, where powerful hardware like graphics processors are available cheaply, is enabling hackers to use to crack codes. In addition, the underground economy exists for cyber criminals to thrive. Will we ever win the war against cybercrime?
Dr. Thompson: Security is a constant battle. Attackers get better and defences better. We should continue to allow small failures to occur, and most industries do allow for failures—the question is how quickly you can recover from them. If there is a breach, enterprises should think about how to contain it, how to recover from it and what to learn from it.
Q: Is there a "baseline" to security investment without trading too much flexibility for rigid controls, so that it is considered sufficiently secured? In other words, can an organisation mark $X as sufficient to secure itself?
Dr. Thompson: The amount of investment in security depends on risk profiles, but security shouldn't be viewed as rigid. Investments in security should make the business less rigid, more flexible and able to adapt to constantly evolving threats.
Sign up for CIO Asia eNewsletters.