Palo Alto Networks CEO At RSA: Security Isn't About Technology, It's About Trust

While security might seem like a massive technology issue, keeping data and devices secure is really a problem of trust, according to Palo Alto Networks CEO Mark McLaughlin -- one that threatens to stall progress in all areas of technology.

"We have to maintain trust in the digital infrastructure and we have to restore trust that has been lost," McLaughlin said in a Wednesday keynote at the 2016 RSA Conference in San Francisco. "There has been a lot of trust lost in the last number of years."

One recent example of this loss of trust in digital infrastructure is the Apple-FBI case, McLaughlin said. He did not take a stand one way or the other on the issue, although other security leaders did in their own RSA keynotes the day before.

[Related: Apple-FBI Debate Center Stage At 2016 RSA Conference]

Sponsored post

McLaughlin said new challenges created by the "fourth industrial revolution" include the blending of physical and cybersecurity challenges (seen in critical infrastructure attacks and furthered by the expansion of the Internet of Things), massive data aggregation and availability -- and the danger posed when that data is breached -- and a limitless amount of compute power.

These issues pose massive technical challenges, McLaughlin said, but the real impact of a cyber event is that a company's reputation can be destroyed, bringing the business to its knees. For the security industry, McLaughlin said, that means companies must focus on rebuilding the trust in technology, or risk losing the progress gained by the technology revolution.

"Security transcends technology. … These tectonic shifts that we do see in technology are creating the very productivity and infrastructure we need for the digital age, but at the same time, are also creating the opportunity itself to make the digital age go backwards," McLaughlin said.

To solve the trust challenge, McLaughlin said, the security industry needs to "flip [the problem] on its head" by dramatically increasing the costs for a hacker of a successful attack. That will give the security industry more leverage in the equation, he said.

McLaughlin proposed three ways that the security industry can do that:

First, he called for an increased focus on prevention technologies, especially next-generation technologies, platforms and automation.

Second, he said the industry needs to band together around threat sharing to turn unknown threats into known, automatically share intelligence and ingest that knowledge automatically into the network.

He cited the Cyber Threat Alliance, which Palo Alto Networks belongs to alongside Symantec, Fortinet and McAfee, as an example.

Finally, McLaughlin said, the security industry needs to promote cyber education, for both current business employees and the next generation.

"We have to get to a new paradigm," McLaughlin said. "If we can bring those three things to the battle, then we will start to gain some leverage over a highly automated adversary."