RSA leader urges security vendors to collaborate
SAN FRANCISCO — The rapidly evolving collaborative information infrastructure offers developers an opportunity to create true security by building it into information technology systems, said Arthur Coviello, president of RSA, EMC’s security division.
“We are at a critical inflexion point” created by the rapid adoption of new technologies such as virtualization, cloud computing, and collaborative Web 2.0 tools and applications, Coviello said today during his keynote address at the RSA Conference.
He also called on the security community to create an ecosystem in which a common set of design standards governs the development of security tools.
If security vendors continue to focus on creating products designed to protect a single point against a defined set of threats, the online world will continue to fall behind an increasingly sophisticated and organized culture of hackers and criminals, he said.
“The vendor community must take the lead,” he said. “We are the only ones in a position to build a security ecosystem.”
In a brief roundtable discussion, Brett Galloway, senior vice president of Cisco Systems’ Wireless and Security Technology Group, and Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing Group, said the three companies are already collaborating on information security.
“The enormous wave of collaborative technologies” emerging today will be the drivers of future economic growth, Galloway said. “They also create huge security threats at the same time.”
“When you’ve got a common enemy, it really galvanizes companies to work together,” Charney said.
Coviello identified the common enemy as an underground world of organized hackers and criminals who have outstripped the IT world in terms of cooperation and collaboration.
“They are not bound by any rules of law,” Coviello said. Their only service-level agreements are “honor among thieves. But they are organized, purposeful and effective. Our adversaries operate as a true ecosystem.”
In the security ecosystem Coviello envisions, companies would embrace a common development process for security tools that would incorporate policy management, decision points, enforcement and audits. By decoupling those elements from the functionality of individual products and incorporating them into a design process for interoperable tools, the evolving collaborative and interactive infrastructure could have security built in rather than added on at individual points.
Coviello urged companies to collaborate on standards, share technology, and improve the integration and interoperability of technology.
Charney said the security industry is also at a “critical inflexion point with government. There is a huge opportunity now to reinvent the public/private partnership” and go beyond mere information sharing to joint operational efforts.
About the Author
William Jackson is a senior writer of GCN and the author of the CyberEye column.