Security Becomes a Business Enabler - Baking In Security

Do you think that vendors should be doing a better job of baking security into the products as opposed to security being a separate industry?

Take EMC, for example, we are building
our encryption technology into our PowerPath storage management software. So it
will come with the software. If you want to encrypt your disk and storage
arrays you'll be able to do that. We're also doing something … for tape, we've
got partnerships with Cisco [Systems] that we're developing and with Brocade to
do encryption in the SAN [storage area
network] switch itself and things like data loss prevention technology where we
have discovery and classification technologies for finding out what your
critical and most confidential information is.

Well, that same
discovery/classification engine can be used in a content management space for
things like legal discovery. So you can repurpose these technologies and have
them [be] infrastructure. This isn't one of those things that it's going to
happen overnight, but over time. Even stand-alone security applications are
going to need to get more and more absorbed into the infrastructure.

Some people say the security industry is dead because of that, or that it is going to die. Do you agree with that?

Well, there'll always be a requirement for security applications, but those
applications will get embedded into the infrastructure. So it's not like
security technology is going to go away, or security people are going to go
away, but all of this stuff needs to be automated and worked more
cost-effectively within the environment itself.

Another thing that I didn't
talk about in the keynote but in other research we have seen is that the
percentage of spending on security products and services as a percentage of
overall IT spending was 1.5 percent in 2001. By 2006, on a much higher IT
spending number, that percentage had grown to 3 percent, and at its current
trajectory, that percentage will be 5 percent by the end of next year. And
generally, I'll ask an audience, do you feel safer in 2008 than you did in
2001, and they'll say no.

So here we are spending more and more as a percentage
of our IT spend, and we're not necessarily feeling any safer. So what's wrong
with this picture? It's because we keep doing security reactively, we keep
trying to bolt on security after the initiative has been started, and as a
result, we're a day late and a dollar short. We're solving yesterday's problems
and it's costing more and more to do it.

From RSA/EMC's perspective, what are some of the ways you guys see this playing out, and how does this affect your road map?

Well, I think for the foreseeable future we'll still
have a lot of stand-alone product, but what you'll see is our professional
services practice getting more and more absorbed into EMC's
business risk practice, which is more broad-based than just security. You'll
see things like discovery classification not only being used in security
applications but also being used across the entire enterprise. You'll see
things like virtualization be more and more of a factor in IT infrastructure,
and you'll see things like, and we're already doing this, SecurID is already
qualified for virtual desktop applications. So if you want to download a
virtual image of your desktop you can authenticate to get that virtual image
with SecurID. We have that qualified with VMware software. You see what I mean?
I don't know if you remember that Prego spaghetti commercial about the
ingredients—'It's in there'? It will just be there.