Cisco At RSA: 'It's Time To Rethink The Entire System'


The entire concept of information security needs to change, Tom Gillis, vice president and general manager of Cisco's Security Technology Business Unit, told a packed house during his RSA Conference 2011 keynote session.

The consumerization of the endpoint and the increased usage of virtualization have rendered past security models obsolete and "it's time to rethink the entire system," Gillis said.

Gillis pointed to an era in which corporate users can select their own devices and determine where work is done at anytime from anywhere. And to accommodate that, the security model has to take a dramatic shift.

"People don't want to be tied to a particular place, particular time or particular device to get their work done," he said, adding that over the next three years the number of consumer devices will explode to 166 million and many of those will also be used for work. "Cool and easy will always win out over safe and clunky," he added.

As an example, Gillis pointed to Cisco, which has an "any device" policy that enables employees to personally select the devices they need to work. The program has 60,000 users and has lead to a 200 percent increase in user satisfaction and a 25 percent decrease in costs.

"The freedom of choice is actually good for business," he said.

Now add virtualization into the mix, which creates a dramatic decrease in IT footprint, cost savings and speedier time to launch applications and the need to become a dynamic network organization emerges even further.

And while these trends are liberating employees, the security architecture built to support them has become archaic, so much so that employees are working around security to work.

"I never fail to be amazed at the lengths people will go to to get their jobs done," Gillis said, noting that often times "security is the barrier, the inhibitor."

To succeed, Gillis said, companies have to recognize that more devices will come into the enterprise. But he said the current security architecture has run its course and "we're losing control of the endpoint."

Gillis highlighted Cisco's recently launched SecureX security architecture, which makes security context-aware.

He said companies have to adapt to the new way of work and "re-imagine" security so that it can identify users, understand applications, recognize locations, understand time and understand how a user is accessing data.

He urged RSA attendees to lead the discussion to tear down the security barriers within their organizations.

"These changes are all around us, and they're obvious," he said.