Q&A: The cybersecurity challenge -- How do the good guys win?
Q&A: The cybersecurity challenge -- How do the good guys win?

Dave Dewalt, CEO and president, McAfee

Q. What are the best ways organizations can address compliance and data security issues this year, given the challenging economic climate in which we all find ourselves?

A. In an environment where cost containment is critical, it's not a valid option for most organizations to purchase additional infrastructure such as consoles, agent technology, software distribution and reporting tools. Companies must look for ways to simplify IT audits and demonstrate compliance. McAfee recently released Total Protection for Compliance, to simplify IT compliance coverage with agent-based and agentless technology and a consolidated infrastructure.

Q. What problems or challenges is your company facing in the face of a declining economy and how are you and your executives going to overcome these?

A. I think virtually every company is feeling the effects of the economy. Security, however, is one area where organizations can't afford to cut corners. As a result, McAfee is performing better than many companies in the technology sector, and analysts are saying it will continue to do well. As long as we continue to execute, and innovate to meet customer needs, I feel confident in our future.

Q. According to SC Magazine's research and many experts in the industry, the information security market may not see as difficult a time in this degraded economy as others since protection of data has become so critical to bottom lines. What are your thoughts on this?

A. Well, that's certainly what we're seeing. In the news, we continue to see major data breaches, such as Heartland, that are causing major damage to stock values and corporate reputations. We're seeing a dramatic change in the landscape with IPv6, triple-play to the home, and connected devices. Now, basically anything with an IP address can be attacked by the bad guys. Cybercrime groups are growing increasingly sophisticated and more distributed globally, and it's very difficult to track them down and trace them. Massive layoffs are exacerbating the situation, particularly when the layoffs are global and we don't have equal intellectual property protection around the world.

Q. Speaking of data protection, we're still seeing a great many exposures of personal and critical information, the most recent and largest being the Heartland incident. Where do companies keep making the biggest mistakes in protecting their customers' data?

A. With the layoffs, you have employees at all levels leaving companies. It creates another scenario where they take data or unwillingly compromise data. They have portable information on phones, laptops and at home. Companies need to have strict policies in place for network access and use encryption extensively. They need to ensure that sensitive data can't leave the organization whether by accident or on purpose.

Q. As we move through 2009, what will be the biggest threats IT security practitioners will need to be mindful of and what are the ways to best address these?

A. In addition to risk and compliance and data protection, network security will be critical this year. There are several ways into a network, and professionals need to make sure they're closing all the holes through email security, Web security and intrusion prevention. As you can see, these technologies add up very quickly, which is why it's important to be able to manage them through one console, the way we allow customers to do with ePolicy Orchestrator.

Q. What about the newest technological advances that companies are taking advantage of, such as virtualized environments or cloud computing, and other newer ways to conduct business -- how should the ensure they are managing their data safely and securely?

A. No security vendor has done more with virtualization or cloud computing than McAfee. As economic conditions worsen, and companies seek new ways to cut costs, technologies like virtualization become more attractive. Virtualization can reduce costs in multiple ways, through hardware consolidation, power reduction, decreased space and cooling requirements and reduced IT staff time. However, when considering a move to virtualization -- especially when the move is accelerated to cut costs -- IT managers sometimes don't consider security, or consider it as an afterthought. McAfee delivers leading integrated security solutions for virtualized environments and provides security assessment services specific to virtualization.

We see cloud computing as an increasingly popular way to deliver security, and have literally re-aligned our business to meet this need. In February, we announced a SaaS business unit designed to help customers deploy security as a service, and make sure they have the tools to grow to meet future needs.

Q. If there's one thing security practitioners and their bosses should be mastering when safeguarding their business, what would you say it is?

A. I'd say being efficient. Everyone has limited resources, and there are so many ways that a network could be compromised. The ability to manage all of their security products in one environment gives security practitioners that efficiency.