
Security must evolve to be 'all about the data'

Taylor Armerding | July 25, 2014
Experts on panel agree that security in the future, to be effective, will not be about the devices, the network or even the user, but about embedding data with its own protection

There is a fierce debate about whether GMOs — genetically modified organisms — with built-in resistance to pests, fungus, drought and other agricultural threats, are a good thing when it comes to our food supply.

But there was little debate Thursday morning in Boston at a panel discussion among Dell security experts, partners, analysts and customers that the digital equivalent of GMO protection embedded in data will be more than just a good thing — it will be mandatory to sustain any credible level of security into the future.

The event, the first in what is titled the "Dell 1-5-10 Series" security discussions, was focused on what the title suggests: What will the threat landscape look like in one, five and ten years, and what should enterprises at all levels be doing to counter those threats?

And while it is notoriously difficult to predict just about anything in IT, the panelists agreed with Don Ferguson, Dell senior fellow, vice president and CTO of the Dell Software Group, that a security model for applications that "has not changed in decades doesn't sustain us."

That model, which "relies on the program to identify the person and what is the operation," is now obsolete, he said. "Data are everywhere, on the device, in the cloud, moving around. You can't find all the places that are moving it around, so data need to be self-protecting. And existing apps are not coded that way."

Changing that model, said Patrick Sweeney, executive director at Dell SonicWALL, would "solve the BYOD problem."

Instead of focusing on a device or a user, it would be "only about the data — not about the device, not about the network. You need to protect it, own it, revoke it."

To do that in the next five years, he said, would require three things: "First, encrypt it with enterprise key management. That's fundamental to any BYOD strategy.

"Second, it has to reside in a virtual container that I control, like an embassy that is subject to my rules and my laws. Somebody else can't repurpose it, send it out on an email or do anything with it."

Finally, he said, it would have to possess egress policies that control who can access it. "If I want to revoke the key, I can hit a red button and it doesn't matter if the bytes are still there, you can't read them," he said, contending that if the National Security Agency had had that kind of control over its data, it could have prevented whistleblower Edward Snowden from stealing and passing on classified information to journalists.

Ultimately, he said, access to information will resemble "watching TV."

 
