Save up to $369 on HP notebooks
- Related Stories
-
Unlocking security at RSA 2007
February 12, 2007 -
Security gets mainstream attention at RSA
February 5, 2007 -
PayPal to offer password key fobs to users
January 11, 2007 -
EMC to buy RSA for $2.1 billion
June 29, 2006 -
RSA: Microsoft to shelve token support in Vista
May 2, 2006 -
RSA snaps up authentication software maker
April 24, 2006 -
RSA to test new Web authentication service
October 14, 2005 -
Companies urged to move beyond passwords
September 14, 2005
The RSA president sees the security industry finally moving from defending the perimeter of a network to actually locking down the data within, he said in an interview. It is a message he has been repeating for years at the RSA Conference, but this year, he expects to see evidence of a response.
Coviello's words matter. Not only because he's spotted a shift that's important in a world where data breaches make headlines almost every day. His company, taken over last year by storage giant EMC, also exemplifies the ongoing consolidation and maturation of the security industry.
But not all of Coviello's predictions come true. He used to hope for a mass market for devices like its key fobs, which generate one-time passwords. Coviello still believes such passwords will go mainstream, but not necessarily through tokens.
Video: Security rights and wrongs
Is security boring? RSA President Art Coviello gives an artful answer.
Video: Where are all the tokens?
Coviello still believes one-time passwords will go mainstream.
Yet, while some pundits say the coming of age of information security makes it boring, Coviello disagrees. The 16th annual RSA Conference, which gets under way on Tuesday, will show signs of energy and excitement in the sector, he told CNET News.com on the eve of the industry's biggest showcase.
What do you think will be most exciting about this year's RSA Conference?
It is just the energy. A lot of the discussion though will be around this change from static solutions to dynamic ones. You will also see a tremendous amount of emphasis associated with data protection. We can no longer rely on just perimeter defenses; we have to get it protecting the information itself. You are going to see a lot of discussion about encryption. And encryption is great; it is basically the soul of RSA.
Every year, you speak about the state of the industry in your keynote address. What's your message this year?
It is time for the industry to transform itself. That transformation is actually already under way. It involves migrating from the more static perimeter defenses we have had in the past, to ones that actually follow the information itself.
When you talk about industry consolidation, as has occurred over the last year with ISS and RSA, I think what you're starting to see is that transformation--the fact security needs to be integrated into products, and products need to be more secure in the first place.
Some analysts say that's actually making security boring. Do you agree?
I think that's baloney. It really doesn't get to the heart of the issue. It is not whether it is boring or exciting. Ideally, it would be seamless and transparent.
What's happening in this transformation is that security is being recognized as an important part of the overall information infrastructure. But that doesn't mean that there won't be standalone security applications--there will have to be--but they will most be woven into the fabric of that information infrastructure.
Do you have a call to action for the industry?
The call to action is to focus on the information and less on the perimeter and to focus on the fact that information has this nasty habit of wanting to travel. We have been engaged in defense and protection, what we should be engaged in is offense and enablement, and that's going to be a radical shift. I have been preaching this for years, but I think it is finally about to happen.
People need more access to information. Things like Web 2.0 type initiatives are creating opportunities for businesses to do more online than ever before, and they can't do that if they can't do it with confidence. That's where security comes in.
RSA was acquired by EMC in the past year. How is its business changing, as part of EMC, to deliver on this call to action?
First of all, RSA is alive and well within EMC. We have gone through a fairly extensive integration process. We have been able to do that in the first four months of the acquisition without skipping a beat.
EMC, with its massive resources, gives us the ability to take a wider view of security. An example of that, we were presented on day 1 with an acquisition EMC had done of Network Intelligence, an incident and event monitoring company. Having that capability allows us to expand what we do.
See more CNET content tagged:
Art Coviello,
RSA Security Inc.,
perimeter,
transformation,
security
