RSA President: Time To Rethink Security
During his keynote speech that launched the RSA Conference 2008, Coviello underscored to an audience of about 4,000 security professionals that rethinking security means adopting a holistic and information -- centric strategy -- a model which includes re-evaluating what security means for an organizaiton.
But it's a philosophy change that many struggle with, Coviello said. Quoting from researchers, Coviello said that security is viewed "at best as a necessary evil and more commonly as a necessary friction."
"If we are to be enablers, and not inhibitors of innovation, we must have this ability to conjecture, to conceive things as they might be. To do so we must think differently about security," said Coviello to thousands of security vendors, regulators policy makers and researchers at San Francisco's Moscone Center on Tuesday. "Today, I plan to turn a long standing stereotype of information security on its head and show how information-centric security can be an accelerator -- and not an inhibitor -- of business innovation and growth."
Kicking off his speech, Coviello said that more than 80 percent of IT, and business executives admitted that their organizations have shied away from technological innovation because of increased security concerns -- which include sophisticated attacks and highly organized criminal networks.
Coviell said that we live, "at a time when one wrong click can jeopardize livelihoods and identities, when users of all stripes are confronted every day with cryptic dialog boxes that ask, 'Are you sure?'"
Throughout his keynote, Coviello hailed Alan Turing, who broke the Enigama code and then seeded the field of artificial intelligence, as the inspiration for the transformation from reactive to 'thinking security.'
"Turing's genius is that he looked at problems differently. It was his ability to conjecture that enabled him to see that the brain's actions could be emulated and that a computing machine could be a "thinking machine," indistinguishable from human-level intelligence."
"The static perimeter defenses and the rigid rules of hard-and-fast security policy are crumbling. Something more organized and intelligent is already taking root in their place. I call this approach "thinking security' and technology path to implementation of information-centric security," he continued.
Rethinking security philosophy starts with approach. For one, Coviello advised security practitioners to approach it more strategically by assessing their IT environment, evaluating the probability of attack and then implementing a plan to reduce the risk of exploitation.