RSA APJ 2015: What’s next?
The main big idea that resounded during the whole RSA conference 2015 in Singapore, is that there is a mind shift.
Minds are shifting towards accepting data breaches and compromises and much more will happen.
A quick question of RSA President Amit Yoran during his media Q & A session, about how ready security vendors are at providing what business need in the next few years, yielded this as answer – security thinking is moving from prevention to realisation that security breaches will still happen.
Rather than focusing on building the next best thing to beat whatever the criminal underworld throws at us, the security community seems unanimous that we need to build a competency of people, processes, technology around failure (of security systems) and recovery.
Australian Strategic Policy Institute, senior analyst and director, Tobias Feakin described it as, “Accepting that it will happen, and being able to absorb the shock and bounce back from it.”
Also, if data compromises must happen, Blue Coat’s CTO and SVP Hugh Thompson proposes that there is a business need for predictability to the cost of damage, at least.
Has the world of security technologies and services, given us all it’s got?
Far from it.
According to RSA CTO Zulfikar Ramzan, there have been security concepts that existed for quite a while, but it’s only recently that computing power has caught up, and made it feasible to realise concepts like full packet network capture now.
Also, just as bad guys are gathering data and insights about individuals from their social media usage, so could the good guys.
Thompson shared about behaviour-understanding at scale, from social networks. This could offer up assessments about individuals, for example how accident-prone they are to security mishaps, or their tendency to be an enabler for a cyberattack.
Another observation about the industry is the fundamental issue buyers of security have: Do I understand what this security solution is offering?
Thompson said, “It has been problematic for buyers to understand what they are getting.”
This has made it important for third parties or service providers to come into a business’ IT environment and certifications they have to comply with like CREST, provide some level of accountability and SLAs for businesses.