RSA's Coviello Predicts Security Consolidation - InformationWeek
Software // Enterprise Applications
03:22 PM
Connect Directly

RSA's Coviello Predicts Security Consolidation

Security has been too focused on imposing limits rather than lifting them, according to Coviello.

Speaking before a packed house of computer security professionals at the RSA Conference in San Francisco, Art Coviello, president of RSA, the security division of EMC, on Tuesday predicted the demise of the standalone security industry within three years.

"The value of security as a standalone solution is diminishing," Coviello said.

Security, said Coviello, has been too focused on imposing limits rather than lifting them, never mind that this mantra has been used by many companies to explain how they'll adapt as collaboration and connectivity replace walls and silos. "Security needs to be inextricably linked to business strategy," he said.

Coviello pointed to the acquisition of ISS by IBM and EMC's purchase of his own company as a sign of things to come. And as if to hammer home the point, RSA said on Tuesday that it had agreed to acquire Hyderabad, India-based Valyd Software and to establish strategic partnerships with security companies CipherOptics, Decru, NeoScale Systems, and Epicor|CRS.

For those who have been paying attention to Microsoft's security acquisitions and its considerable efforts to build security into its new Vista operating system, or to Symantec's objections to Microsoft's moves, the writing has been on the wall for some time: Security is becoming the province of the big infrastructure players like Cisco Systems, EMC, IBM, Microsoft, and Oracle.

Coviello arrived on stage following Microsoft chairman Bill Gates -- and he risks matching Gates' record as predictor of the future. Recall that in 2004, Gates predicted "spam would be solved" by 2006. At the 2004 RSA Conference, Gates also said passwords would fade away, an assertion repeated at the 2006 RSA show, in three to four years thanks to Vista.

But Coviello's foresight is more firmly grounded in hindsight, given that security industry consolidation is readily evident and that the traditional model of perimeter protection has largely been supplanted by a defense in depth strategy.

"Static solutions aren't enough for dynamic attacks," said Coviello. To support his point, he spoke of the professionalized, profitable cybercrime industry. There's a $1 billion market for stolen identities, he said, citing IDC research. Malware has risen by a factor of 10 in the last five years, he said, citing Yankee Group research. And the antivirus industry catch rate of 70% isn't good enough, he said.

That's fairly convincing stuff. It's certainly enough to motivate ongoing security spending, for those unmoved by ongoing data breach headlines. But it remains to be seen whether the cure is worse than the problem. The approach to security that Coviello described -- an information-centric strategy in which data and networks are protected at all times by layered, active defenses -- sounds more like a hindrance to productivity than something that will get more information to more people at the right time.

Coviello's vision could be described as ubiquitous, always-on digital rights management, and, true enough, something of the sort could keep data safe. But it also could keep data from being useful. Simply put, the inherent tension between access and control won't be resolved through mere mergers.

Adding the digital equivalent of guard dogs, bodyguards, cameras, motion sensors, ID checks, and bear traps to corporate networks may instill a sense of security. Just don't count on getting anywhere with ease.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll