Derek Brink was thinking about where he would put his hope when it comes to data security.
It wouldn’t be with end users and customers, the Aberdeen Group analyst said, and most enterprises are thinking about growing their businesses and profits and want to ensure that complex security products don’t interfere with those efforts. Where Brink is putting his hope is with the vendors, who have the financial and competitive motivation to drive innovation, and the engineers and technical capabilities to make it happen.
And they have a broad view of what’s happening in the security segment in particular and in the industry as a whole.
“They have the data,” Brink said.
The analyst’s comments came at the tail end of a recent far-reaching, 90-minute discussion about security—from the importance of awareness and education among end users and the at-times overwhelming number of threats facing the industry to the desire to go on the offensive against hackers, the need to move beyond passwords and the security challenges presented by the rapidly growing numbers of connected devices that make up the Internet of things (IoT).
More than a dozen analysts, journalists, end users and Dell officials met in a conference room in Boston this week to talk about security, part of Dell’s ongoing 1-5-10 Series of discussions that touch upon key issues within the tech industry now and a decade down the road. This was the second such meeting regarding security.
An array of opinions and ideas were tossed around, but a thread that ran throughout the discussion was that while other actors—such as users and businesses—play key roles in combating the increasingly aggressive and sophisticated cyber-criminals who are taking aim at their data, ultimately the responsibility lies with vendors like Dell to ensure the tools are there to address the rapidly changing security challenges.
One thing that was made clear is that users—those people who unwisely open the email attachment or click on the wrong URL—should no longer be used as the scapegoat, to be viewed as the weakest link in the chain. It’s incumbent on vendors to make security technology less complex and easier to use.
“The user is not the enemy,” said Carrie Gates, senior distinguished engineer and chief scientist for Dell Research, adding that if users do something wrong, it can be seen as an indication that vendors have not done enough to give them the kinds of tools they can easily use. “How do we do security without looking at the users like they’re the enemy?”
Businesses themselves are looking for help when it comes to security. The top technology concern among smaller businesses is security, and a key challenge is finding the products that would work best for them, SMB Group analyst Laurie McCabe said. Brett Hansen, executive director of end user computing software product marketing for Dell Endpoint Security, said he hears the same things from Dell customers.
“We know it’s a priority,” Hansen said customers will tell him. “So what do we do now?”
Dell officials said they understand that security ultimately starts with the vendors, and that they have multiple projects under way to make security easier, more intuitive and more suitable for the current IT landscape. The company over the last several years has aggressively built up its security capabilities—through acquisitions (like SecureWorks, SonicWall and Quest) and internal development—as part of its larger transition from a PC box maker to an enterprise IT solutions and services provider.
End Users Not the Enemy When It Comes to Security
Hansen noted that Dell tries to put as much integrated security—such as 256-bit encryption—into its PCs before they ship. And researchers at the company are looking at what they can develop for a world of mobile devices and clouds. The “old security paradigm” of protecting the data that is stored within a customer’s firewall no longer works given that data is constantly moving in and out of a company’s environment and from one mobile device to another, he said.
“What we have to recognize is that the world is changing, and it’s changing very, very fast,” Hansen said, adding that the emphasis for security is expanding beyond securing the devices to include securing the data itself.
Dell researchers for the past year have been working on a technology that would embed intelligence and policies into the data, enabling it to know what it is, on what device it’s sitting and who is trying to access it, and then to act accordingly. The data would be self-protected, with the security traveling with it regardless of where it is going or what device it’s on.
Hansen told eWEEK that the technology could begin appearing within the next calendar year.
Dell’s Gates said there are other projects that researchers are working on. One is looking into how the way a person uses his or her device can be used as an identifier. People’s type and swipe patterns on keyboards and device displays can vary from user to user, so they possibly could be used to identify users and determine access, she said.
Analytics also will play a role, according to Don Ferguson, a Dell Senior Fellow, vice president and CTO of the Dell Software Group. Businesses can collect a lot of information about what’s happening in their environments, and analytics can help unlock what that data means, Ferguson said.
“If analytics detect what’s unusual, because it’s unusual, it’s probably a security issue,” he said.