Time To Come Together: Collaborating On Security
On the heels of the Conficker worm and a Pentagon hack, security executives were on the same page. RSA's Art Coviello laid out the challenge: "Cybercriminals have unique advantages. They're not bound by any rule of law, they aren't bound by service agreements beyond honor among thieves and they aren't bound by governance and compliance," said Coviello, executive vice president of EMC and president of RSA, EMC's security division. "They collaborate offline to build their attacks and online to launch them. This is what we're up against." To combat the threat, security vendors need to work together, Coviello added. "My call to action is to build a common development process that ensures we're faster and more flexible than the cybercriminals."
McAfee President and CEO Dave DeWalt also called for industry cooperation to combat what he said was a worsening threat. The economic turbulence and the rise in unemployment have come with a rise in cybercrime, with more malware detected in 2008 than in the previous five years combined, and some 80 percent of cybercrimes being financially motivated, DeWalt said.
True IT security will only come from collaborative partnerships that span all IT platforms and international boundaries, DeWalt said. At the RSA Conference, he proposed to build a comprehensive security architecture across different IT platforms that would interoperate with companies' existing network infrastructures.
Cisco Systems CEO John Chambers echoed Coviello's and DeWalt's message in his keynote speech at RSA. Chambers urged attendees to integrate security not only with their IT infrastructures, but also with business processes. "Security isn't a stand-alone area," Chambers said. "Security is something that has to be embedded in our strategy, it has to be embedded in our technology, it has to be automated."
For its part, Symantec is betting a move to reputation-based security technologies distributed through the infrastructure is the way to go, said CEO Enrique Salem. Speaking at the RSA show, he added the emphasis on reputation-based technologies is part of Symantec's larger effort to help companies "operationalize" security.
Can the IT security industry, let alone the world, come together to work on a more secure architecture? Or are we more likely to continue to see one-off new products that solve the latest threats? Share your thoughts with me in the discussion area of our new online community at community.crn.com.
While you are there, you can upload your picture, find and connect with other solution providers like you, ask a question or start your own blog. You can even form a private, invitation-only group of your choosing. Whatever you do, let me know what you think once you are inside.