Symantec CEO: The future of security

At the RSA Conference in San Francisco, Symantec CEO Enrique Salem reveals what he thinks the security of the future will look like. Among the things he says we need to do? Make security risk-based, info-centric, automated, and work-flow driven to keep up with security threats.

>> Now what I think about is what's new when we try to operationalize security? So here is the approach that I think we should be thinking about. It's a new model. It's risk based, information centric, responsive, workflow driven. So it's risk based, information centric, responsive, workflow driven. So what does that mean?

When we say it's risk based, it means that we have a framework for having a conversation with our lines of business about how we're going to manage risk and what are the risks that are acceptable for us to deal with.

When we talk about being information centric, all of us know, and you hear a lot of talk about, the infrastructure, but the other thing that you've got to think about is it's the information. Protecting the infrastructure is necessary but not sufficient. One of the most important things that we have to think about is where does that information live? What are the risks to that information? We also have to deal with this notion of virtualization, cloud computing. Where is that information being stored? Because it is increasingly separate from our own data centers and our own environments, and so we have to figure out how do we protect that information when it's not necessarily 100% in our control.

When I talk about responsive, it means that we need to be situation aware. That means that we have a real-time view of what's happening. Our environment and our response is dynamic. So we need to be able to recognize threats. We need to be able to respond and we need to be able to remediate very quickly, without a lot of latency that allows the threats to expand or to spread through your entire organization.

When I talk about workflow driven, this is probably the newest concept, because it's about automating the day-to-day processes, and it's not just about automating between the security products, it's about closing the gaps between the security products and the tools you use for operations. It's about how do you make sure that a lot of the processes you have are highly automated and reduce the latency for remediation.

When we think about operationalizing security, what we want to do is we have to get away from the siloed, piecemeal, opaque approach that we have today. It has to be risk based, information centric, responsive, and workflow driven. The answer is to operationalize security. Now what does that mean? What does that mean in practice? I think what it means is that it's important that we understand what are the risks that we're willing to deal with? What is the level of policies that we have to implement? Once you have the right policies defined, once you have the right design of your network environment, the technologies can create the workflows that automate what you've been doing manually.

For example, let's say that you decide to set a policy that says customer credit card data can't be put on a USB device. Seems like a common policy. If you've got a DLP technology that's content aware, it can detect that somebody's trying to copy that information onto the USB device. If the employee starts downloading it and starts downloading that spreadsheet with 10,000 customer records, it can kick off a trigger that sets off an alert that notifies a workflow that basically allows the employee to be notified what they're doing, and potentially that's sufficient, or it can notify the administrator that there is a potential breach of information. You may decide, though, if it's the CEO, it's OK for them to take that action, even though I'd strongly recommend against it. But I think the point is you've got a situation where you can define a policy and you can make decisions in real time. You can automate the process of protecting information.

If we think about it, all of these manual processes are a problem, and so part of the answer has to be in having the right workflows that notify the right people when something is happening. But more importantly, you can also build your escalation processes into it. If the administrator is not there, it can be escalated to their manager or to the next person in the notification or escalation path. I think when we think about what's going on, information walks out the door every day and we're often not in control. When you operationalize security, it puts you in control.

==== Transcribed by Automatic Sync Technologies ====