Are things getting brighter...or not?
Illena Armstrong, VP, editorial, SC Magazine
Yet, optimism's my thing right now. And, recently, it seems the predominant feeling permeating our industry as a whole. Hold on, fellow pessimists. I'll explain.
I've been talking to dozens of lead security executives who have repeated the phrase, “The more things change, the more they stay the same.” So, data theft might be at an all-time high, but how data is getting pinched is pretty consistent. That is, cybercriminals are still enlisting the likes of application vulnerabilities and social engineering to get what they want. Just look at a recent blog post from Symantec's MessageLabs services, which explains how more than 400 thieves are using the Egyptian revolution to swindle naive email recipients out of huge amounts of money by demanding upfront fees to score cash later.
Yet, with this sameness comes some newness. As organizations increasingly make use of cloud-based services, social media sites or mobile devices, newer points of vulnerability have sprung up. What these and likely future innovations show is that security, just as Dan Geer had predicted some years ago, is all about the data. Many of you, like Geer, have known this. Still, innovations like cloud computing only have driven this point home even harder. This fact was discussed at length during a session at February's RSA Conference in California.
As Executive Editor Dan Kaplan reported, IT security leaders, like Eric Litt from General Motors, discussed how such gaping holes will see security providers adapt their solutions. For example, better data classification, deep-packet inspection, cloud-related risk management, identity authentication and other tools will evolve to address these needs. And, more importantly, executives likely will show some willingness to accept the additional expenses required to deploy these evolved security solutions as they experience cost savings and increased productivity by relying on the cloud or mobile devices.That's an optimistic statement. But, there's reason for it: Even more heartening than our information security leaders and solution providers staying on the cutting-edge both in creating strong security solutions and deploying them, was the fact that many more of these same pros were at RSA this year. Let's recall that over the last two years, crowds seemed sparser than normal and enthusiasm low. This year, there was a vibrancy to the event and people there, which seems an indicator of things looking up. In the least, it is a trend moving us in the right direction. Based on many of the discussions at RSA, this bustling enthusiasm in the industry – seemingly long laid dormant by massive budget cuts, layoffs and overall market uncertainty – is a welcome reprieve for many affected vertical markets. It is a reason for optimism…as long as it lasts, that is.