ITWeb sat down with Eddie Schwartz, chief security officer of RSA, the security division of EMC, to discuss some of the trends in enterprise security. Schwartz was one of the speakers at this year's RSA Conference Europe 2011, held in London.
ITWeb: What, exactly, does your role as CSO for RSA entail?
It's about 70% internal facing. That means dealing with the security of our internal resources, the security of our products and the security of our interactions with customers - so end-to-end security for RSA and end-to-end risk management for RSA. The other 30% of it includes what we're doing here, which is talking about what we do relative to security, talking to the press, analysts and customers, and also talking about our vision for how we provide innovation in the marketplace.
This whole issue of advanced threat, and how enterprises that are using advanced technologies are facing these advanced threats, really requires an interactive dialogue with industry. I've been in this game for a long time, and part of my job is going about and talking to other chief security officers, CIOs and others about their problems, how they're dealing with them, and what they're changing. And based on my experience at RSA, giving them some thoughts and exchanging ideas with them.
ITWeb: What is the focus of this year's conference and why?
This year's conference has a number of themes, but one of the main themes is that we need to think about security differently. Risk needs to be thought of differently. Risk has to be focused on those things that really matter the most to you. You can't protect everything equally. So if you're thinking about risk, you have to think of the adversary and what their potential to attack you is, and what your potential vulnerabilities are. That's not traditionally how companies have thought about risk.
The second theme is that security needs to be contextual in nature. In other words, when something happens, you have to relate it to evidence you have. For example, today you attempted to authenticate to your e-mail system but the travel system is saying you're actually sitting in Bangalore, India, and not in the UK right now. Should we allow you to authenticate to your e-mail? That's a contextual event.
The third item is the notion of agility. And agility means the enterprise security platforms that organisations deploy must have the ability to be dynamic and adapt to the changing environment. For example, if you are deploying network monitoring, you can't base it on static signatures that hackers aren't really using anymore. You have to be able to look for the unknown - the things that we don't know are going to happen tomorrow. They have to be open; you have to be able to integrate information from lots of different sources. That requires a different way of thinking than these closed, proprietary systems that we've had in the past.
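The contextual authentication scenario Schwartz describes (a login to e-mail arriving from the UK while the travel system places the user in Bangalore) comes down to comparing the context of a request with evidence the organisation already holds. The following Python is an added illustration written for this page, not RSA code or any product's API; the travel-record schema, the country codes, the user names and the allow/step-up/deny policy are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed data for the example. The schema is an assumption, not the
# format of any real travel or identity system.
HOME_COUNTRY = {"alice": "GB", "bob": "GB"}

# Approved trips from the travel system: (user, country, start, end).
TRAVEL_RECORDS = [
    ("alice", "IN",
     datetime(2011, 10, 10, tzinfo=timezone.utc),
     datetime(2011, 10, 20, tzinfo=timezone.utc)),
]


def utc(year, month, day, hour=0):
    """Small helper so callers can build UTC timestamps without boilerplate."""
    return datetime(year, month, day, hour, tzinfo=timezone.utc)


@dataclass(frozen=True)
class LoginAttempt:
    user: str
    source_country: str  # country geolocated from the request's source address
    at: datetime


def expected_country(user, at):
    """Where the organisation expects `user` to be at time `at`.

    An active, approved trip overrides the user's home country. Returns None
    for users the organisation has no record of at all.
    """
    for trip_user, country, start, end in TRAVEL_RECORDS:
        if trip_user == user and start <= at <= end:
            return country
    return HOME_COUNTRY.get(user)


def evaluate(attempt):
    """Contextual decision for a login: returns (decision, reason).

    Policy (an assumption for the example):
      - source matches the expected location        -> allow
      - user is travelling but logs in from home    -> step_up (second factor)
      - any other location                          -> deny
    """
    expected = expected_country(attempt.user, attempt.at)
    if expected is None:
        return "deny", f"no record of user {attempt.user!r}"
    if attempt.source_country == expected:
        return "allow", f"source {attempt.source_country} matches expected location"
    if attempt.source_country == HOME_COUNTRY.get(attempt.user):
        return "step_up", (f"travel system expects {expected} but login came from "
                           f"home country {attempt.source_country}; require second factor")
    return "deny", (f"source {attempt.source_country} matches neither expected "
                    f"location {expected} nor home country")


if __name__ == "__main__":
    when = utc(2011, 10, 15, 9)  # mid-trip for alice
    for attempt in (LoginAttempt("alice", "IN", when),
                    LoginAttempt("alice", "GB", when),
                    LoginAttempt("alice", "FR", when),
                    LoginAttempt("bob", "GB", when),
                    LoginAttempt("carol", "GB", when)):
        decision, reason = evaluate(attempt)
        print(f"{attempt.user:6} from {attempt.source_country}: {decision:8} ({reason})")
```

The point of the structure is that the decision function never sees a bare credential check; it always receives the request context alongside the organisation's own evidence, and the mismatch case (travelling user, login from home) degrades to a step-up challenge rather than a silent allow or a hard deny, which is the kind of contextual event the interview describes.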
ITWeb: What changes have you put in place to ensure something like the RSA breach doesn't happen again?
I don't know that anyone can ensure something like that won't happen again. What we are doing is working to reduce the risk of future breaches, because there's no 100% security, of course. But part of what I'm doing is looking across everything we do and asking what the most important aspects of our information infrastructure are. What are the intellectual property items that we value the most? What are the processes that are most critical to our business? Those are the ones we need to protect with the most care. Those are the ones we need the most visibility into, in terms of how they're doing from a continuous monitoring perspective.
I'm also looking at how we can deploy innovative technologies within the organisation to help isolate critical processes and critical intellectual property and information. For example, uses of technologies such as virtualisation, and of technologies like NetWitness that we've already used at RSA, to create isolation and deeper monitoring.
Obviously, we're continuing to conduct user education across the board, but that's not so much a problem within RSA, because, as you can imagine, coming out of the breach, people were highly motivated in a lot of different ways to be a part of the solution to anything we did, whether it was internal or customer facing. There's a very motivated workforce at RSA.