Symantec Chief Says Cloud Security the Next Step
Information is gold and cyber villains are getting more aggressive in their attempts to steal it. Data theft requires new ways of thinking, says Symantec CEO Enrique Salem at RSA.
SAN FRANCISCO -- With enterprise data growing at an overall rate of 60 percent per year, it's time to take a closer look at that information and determine its economic value. Because if we don't, the bad guys certainly will.
That was the warning from Symantec (NASDAQ: SYMC) CEO Enrique Salem, speaking here at the RSA Conference 2010. He warned that as computing power moves out to the cloud, that will drive a need for digital devices to provide you with greater access to that data.
But, he added, mobile devices are increasing in importance along with cloud computing, and they require new security methodologies to deter data theft.
"IDC says there will be one billion cell phones accessing the Internet by the end of this year. Right now, there are 1.3 billion PCs connected to the Internet. We need to think about how do we secure that device," he told the audience.
An economy defined by intellectual property, such as the U.S.'s, means it's all about the value of information, and the bad guys know this. Cyber attacks are shifting from being broad-based to being very targeted, Salem said.
Symantec's 2010 State of Enterprise Security survey spoke with 2,100 CIOs and IT/security executives, and found 75 percent had been attacked in the last six months -- and all of those had suffered some kind of data loss; it may have been intellectual property, financial or credit card data or the personal information of a customer.
And the old methods of cyber security simply don't cut it any more. Salem said that in 2008, Symantec added 1.6 million signatures to its antimalware software, more than it had in the prior 16 years combined. In 2009, that increased to 2.9 million more signatures added.
Instead of efforts, such as signature-based malware detection, he talked up the concept of reputation-based security, an approach that leverages the knowledge of users around the world. They would rank the safety of senders and base security around the point of origin. Since adding reputation-based security to Norton 2009, Symantec has collected one billion reputation ratings and taken 177 billion reputation queries in the last six months. It resulted in finding 15 percent more malware and blocked a hidden, previously undetected threat for half of all users, he said.
Application security, data security
But that's just one piece of the process: Security also has to move much closer to apps and the data.
"We can't just protect the perimeter. We have to protect the entire environment," Salem said.
Enterprises will need new types of security tools and models that give them better control over who can access what, and over which files are exposed, since people are more and more often accessing data from insecure devices outside the firewall. That need for better application security and network security only grows as enterprise assets move to the cloud.
"Security is not about placing firewalls around information or locking down a device, it's about enabling our businesses to take advantage of these new trends. It's about thinking about how do we secure and manage diverse environments, because all of us will get more diverse," Salem said.
As part of his speech, Salem cut to a video of Salesforce CEO Marc Benioff, who -- not surprisingly for the software-as-a-service pioneer -- talked up with his trademark cheekiness the inherent security of on-demand software as compared to installed software.
"Lotus Notes was conceived before [Facebook founder] Mark Zuckerberg was. It's time for a change," Benioff told the crowd.