RSA chief: The job of security guy is not to be 'Doctor No'
Web 2.0 technologies and cloud computing are extending traditional enterprise network perimeters to the point that they are practically vanishing, says a report released this week by RSA, the security division of EMC Corp. The report further states that information security managers who understand the associated risks and learn how to manage them can help their companies adopt such technologies on their own terms.
The report also includes recommendations from 10 members of RSA's Security for Business Innovation Council, including chief information security officers from J.P. Morgan Chase, Motorola, eBay, Time Warner and RSA.
In this interview, RSA president Art Coviello talked about some of the report's key recommendations as well as other topics.
Why did RSA do this report? This report is about what we call the hyperextended enterprise, which is exactly what you think it would be. We are using the Internet as never before. There are more devices, there are far more Web applications and now with Web 2.0 and social networking, communication is instant and pretty constant.
Our dealings as businesspeople with customers, suppliers, partners, and even our own employees, has changed dramatically in just the last seven or eight years. The opportunity being created with technologies like virtualization and cloud computing is extending the perimeter out even more. It literally puts your IT infrastructure out of the company in many instances. So our research is on whether people have learned the lessons of the past, and if they are building security into the cloud computing environment. Unfortunately, we found out that they are not doing this as they should.
What are some the recommendations from the Security for Business Innovation Council in terms of what companies should be doing to enable cloud computing? The first recommendation is that if you are thinking of outsourcing applications and information and infrastructure then you ought to rein in the protection environment. See if there is a way to lessen the cost of security. Look at the kind of security measures you have, check them for cost effectiveness and see if there are redundancies.
[Another] recommendation is to proactively embrace new technologies on your own. The job of the security guy is not to be "Doctor No." It's not to say "you can't do stuff," but rather how you can embrace these technologies and how you can do it securely. You can never do security perfectly, but if you do it in the context of risk, you can minimize your exposure.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
