Make Security a National Priority
Coviello said that the recommendations of his research group are clear. They align the practitioner with the business and align the implementation of security with the risk. "At most companies today, security projects are being driven by compliance and audit, so what a surprise that they don't have alignment with the business! Security practitioners are not working on business problems; they are working on regulatory issues," Coviello said.
"First, Congress should pass a breach notification law that creates one federal standard for notifying consumers should a breach of personally identifiable information occur, and establish national baseline standards for safeguarding sensitive information," he said. "Right now there are 40 separate state bills. Makes no sense."
Coviello went on: "Second, we need more government investment in education to produce better trained programmers and security professionals, the human resources we are in dire need of. And third, if we want to enable innovation with more innovative security we need to spend more on research. When you consider the stakes, cyber-security research should be a high priority."
Thinking security
The RSA president then called for a "thinking security" approach. "This requires a different breed of technology. We must look beyond tools that blindly lock down data toward mechanisms that can understand information and safeguard it intelligently throughout its life cycle," Coviello said. "From targeted advertising, to Internet search, to online book recommendations, our daily activities are empowered by a growing computer understanding of human discourse and behavior. Thinking security is about co-opting this intelligence to bring new flexibility and strength to information protection."
Coviello said the idea of "thinking security" cannot be independently accomplished. It is interdependent with the IT infrastructure and should be just one element of that infrastructure.
"The rise of thinking security will mean that information-centric security is a reality that will catapult security to a new plane where it is widely seen as an accelerator of innovation," Coviello said.
He called for more aggressive action on a number of fronts to help enable innovation, and offered some recommendations: