Art Coviello, President of RSA and Executive Vice President of EMC Corporation, talks to Computerworld's Siobhan Chapman about enterprise threats, IT security spend and the rising threat posed by social networks.
This year has seen a multitude of lost and unsecured laptops leading to data leakages. Will enterprises ever learn?
Enterprises are beginning to get to grips with a fundamental truth: that they cannot expect users to do the right thing at all times with company data. It is too much of a burden on users to expect them to be the primary stewards of corporate security policy over their laptops, desktop PCs and mobile devices. As a result, enterprises are turning to data loss prevention solutions that are designed specifically to combat this problem without the need for user intervention. Using this approach, corporate policies are pushed through the fixed and mobile environment and can actually help decide, based upon the type of data, on what to allow and what not to allow. With this in place, you can determine what is safe and permissible, what is unsafe and should be prevented, or what is risky but requires administrator alerts.
This type of technology puts the responsibility and burden of control of sensitive company information in the hands of security professionals - and not onto the end-users. The infrastructure needs to be able to protect itself and the data that transacts through it. You will be charged millions for embarrassment, but not one cent for defense.
Should companies be more open about whether or not they have had a data security breach and the damage caused?
The reality is that many organizations today are still not in a position to determine exactly what has transpired - or to what extent - when a breach occurs. This is because they are often not equipped with a complete view of all the data that is produced by, stored in or that passes through their network in the first place. It's a major issue, but a critical one if businesses are to get their arms around the digital explosion and get themselves into a position to manage the data they have holistically and appropriately. I would like to see companies focusing their efforts on clearing this hurdle and managing their complete information landscape according to the specific, associated risks.