There was an overall theme to the first three keynotes - a need to change the security models from (perimeter) defense based to "intelligence based" model. Art Coviello (Chairman, RSA) introduced the theme, with a focus on changing security to be more agile, contextual, risk based and the need to share and analyse information on scale.
Tom Heisner (President, RSA) followed expanding the themes, with an insightful comment on the Moore's law equivalence in security; the cost of attacks have reduced while the complexity of attacks have increased. Both speakers were hugely critical of compliance based regulatory regimes which are sometimes contradictory, and often provide a false sense of security.
Francis deSouza (Symantec) followed the theme with a focus on the need to be more "militaristic" in IT security. His argument was that you can't win a battle on purely defense, and security strategies and solutions need to consider the whole campaign and not just point vectors. In this regard, defense mechanisms also need to be "great" and not just good to be effective.
Adrienne Hall (Microsoft GM for trustworthy computing) focused mainly on cloud adoption, though was a bit out of sync on the earlier theme. Hugh Thompson, was also out of sync, but did raise a different perspective - security solutions currently are a "one size fits all" solution, and are not catered for individuals, so are either too complex or too simple; and are basically both ineffective. To create a security profile that is really personalized will be difficult, but would be a very interesting approach in becoming more secure.
No comments:
Post a Comment