RSA's Art Coviello: 6 Hot Security Trends In 2008

EMC's RSA Security Division President Art Coviello recently shared his views on the hot security trends facing solution providers in 2008. Here are excerpts from his conversation with CMP Channel Editor Steven Burke.

CONSOLIDATION OF SECURITY VENDORS

"I think you are going to see at a macro level continued consolidation in the industry. I think big vendors like RSA EMC will continue to pick up the hot and innovative new companies. Having said that we have several hot innovative things we are working on independently and organically in addition to any acquisition opportunities that might surface.

"End user customers are really looking to minimize the number of vendors. The more you have a complete solution the easier it is going to be as a reseller to succeed."

DATA LOSS PREVENTION TECHNOLOGY IS CRITICAL

"Just the sheer amount of openness that has been created with Web application implementations over the years as well as newer service-oriented-architectures is creating vulnerabilities to a group of criminals that are more organized, purposeful and effective than ever before. You need to protect data right down to a more granular level. That is why this data loss prevention technology that monitors the flow of information is going to be a pretty hot item in 2008 and for the foreseeable future."

SECURITY CONSULTING SERVICES ARE NEEDED TO SOLVE POINT PRODUCT-ITIS

"There is just a marvelous opportunity because there is such a plethora of point product solutions that have come on the market in the last couple of years for consulting services to help companies make sense out of all of this.

"You can't buy enough point product solutions to solve your problems. You have to look at it holistically. I was in a particular account and they had a big chart on the wall of six or seven different security applications and I asked the CIO what was his overarching security strategy that led him to put that list together, and he said, 'You know I think we need one.'

"So if you have a bunch of point products you are like the Dutch boy with so many fingers in the dyke asking where is the next hole going to pop? So you have to step back and look at things holistically and that is what a security consulting practice can offer."

DATA DISCOVERY/CLASSIFICATION MUST BE A PRIORITY

"Data discovery and classification as part of this data loss prevention is going to be extremely important. I think you are going to see security become more and more part of the information and IT infrastructure because you can only mitigate risk, you cannot create perfect security solutions. That means you have to understand what is important. Understanding what is important means knowing what you have and being able to classify what is important."

INFORMATION AND EVENT MANAGEMENT IS HOT

"We obviously have an offering in that space. As companies seek to comply with whether it is payment card industry standards or Gramm-Leach-Bliley or whatever new regulation comes to the fore you have to have the ability to demonstrate that you are compliant and to do that you have to have an historical record of what you have done.

"This capability also can be used to help you remediate problems you have by being able to analyze all of the data that is in the network or the operating system or the application level. So information event management technology will be hot."

AUTHENTICATION REMAINS A BIG ELEMENT OF THE SECURITY EQUATION

"Even though it has been around a long time strong authentication will continue to be an important element because as you try to protect information at a more granular level understanding who is getting access and preventing unauthorized people from getting access is going to be a key element of that. You will continue to see different authentication methodologies come out. Everybody loves the idea of a single credential.

"I don't think I'm going to see it in my lifetime. So dependent on the facts and circumstances you'll need to deploy different authentication technologies for degree of risk or type of application that you are engaging in. So I think you will continue to see an activity in that space as well."