Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Security must evolve to be 'all about the data'

Taylor Armerding | July 25, 2014
Experts on panel agree that security in the future, to be effective, will not about the devices, the network or even the user, but about embedding data with its own protection

Tim Brown, Dell fellow and executive director of security at Dell Software Group said that is also going to require the data itself, "to understand what its policy should be, how sensitive should it be and what should be the rules to access it. If we get to that point, then we can have information flowing more freely."

That kind of advance in security, as significant as it would be, will not be a silver bullet, however, panelists agreed. One reason is that the attack surface is exploding with the Internet of Things (IoT).

Jon Ramsey, Dell fellow and CTO of Dell SecureWorks, said the, "merger of the cyber and physical domains — smartphones, smart cars, smart — is very, very concerning. It gives capabilities to threat actors in the physical domain that they didn't have before, especially in critical infrastructure.

"It's interconnecting things that weren't designed to be interconnected, which means we've just changed the risk equation substantially," he said.

Then there is the "human factor." David P. Wrenn, vice president at Advanced Office Systems, wondered aloud how technology is going to, "prevent an idiot like me from clicking on a malicious link. That's one of the biggest challenges our industry sees."

Indeed, there was general agreement that the human factor trumps security at all levels, from the CEO who is more focused on staying competitive with the functionality, features and price of a product, to consumers who so far remain much more enamored with features than security.

"A CEO is thinking that you have to have profits before you can lose them," Sweeney said. So, for security to be effective, "it is going to be more like an airbag than a seatbelt."

"It is a business problem rather than a technology problem," Ramsey added. "It's a very competitive market, and it is very expensive to produce secure software".

Yet another human factor, Ferguson said, is that security too often remains an afterthought in software development. "If civil engineers built buildings the way programmers build applications, the first woodpecker would destroy civilization," he said. "The Internet of Things scares me."

Not everyone saw the future in quite such bleak terms, however. Brett Hansen, executive director, Client Solutions Software, said he thinks security will, "move from IT to the boardroom. It will become fundamental business discussion, to balance productivity and security and the cost of both."

And Brown said he believes companies will address the human weakness factor. "I see a big trend toward human-based security," he said. "Not about systems and the environment as what people do. See more psychology come into play."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.