Why security needs to catch up to Web 2.0

By , CSO |  Security, web 2.0

The solutions to secure these devices are fairly nascent. There are a number of use cases that customers want from us in this whole borderless, distributed enterprise that we can't properly address yet. We are working on it, and have a vision. I think a lot of this is work still to be done, both in the vendor community and IT community, in rolling out and deploying some of this stuff.

You mention in the book that criminals are already taking advantage of many of these new technologies and exploiting them. What is the biggest cause for concern?

Attacks targeted specifically on mobile devices I think are quite narrow. The challenge is doing that security policy enforcement, basic access control. When a sales rep is using a mobile device to access a cloud-based application, and we terminate that employee, what is to stop them from when they get the termination to still go in (to that proprietary data) from their device, download customer lists and go to a competitor? I've had that happen in my career and there is basically nothing you can do. It's very frustrating.

So, the concerns range from malware and exploits, to basic access control and protection of your intellectual property. There is a broad array of concerns security professionals need to address.

What will play the bigger role in securing the network in a Web 2.0 world? Product or policy?

At the end of the day, it's clearly driven by policy. Policy then drives product. I can go off and give you ten examples of products I've built that are ahead of policy and people's ability to absorb the technology. So it starts with policy and a mentality.

We want to see our customers shift away from a security posture of no. Away from saying things like "Google Android? No, we can't support that. Web-based applications like Google Docs? Not secure, don't use that." We want to get away from that to a posture that says "Absolutely. Use the tools that help you get your job done efficiently."

You mention the future and Web 3.0 in your book. What is Web 3.0 going to include?

If you look at the investment companies make in building data-center infrastructure to support their business, I do think ten or twenty years from now we will look back and say "Wow, that's crazy. Why were people building their own stuff?"

Imagine if every company in the world built their own hammer. Sure, they could build that hammer to fit exactly the job that needed to get done, put a pointy head on it, a special handle. But it's very inefficient for every company in the world to build their own tools.

Originally published on CSO.