Two weeks ago, I attended the RSA Conference along with more than 20,000 other folks. The energy at this year’s show was high, which was reflected in the mood, the traffic on the show floor and the long lines at the coffee bars. Judging by the keynote sessions and conversations around the show, one of the hottest topics at this year’s conference was the changing nature of enterprise security and the growing need to address the macro IT trends of bring-your-own-device (BYOD) and cloud computing.
In a keynote presentation on day one, Symantec President and CEO Enrique Salem pointed out that in the past enterprises pursued a strategy of lock down – an approach that won’t work in today’s more open and distributed environment. Salem stated that BYOD and expanded use of virtualization and public and private clouds have introduced more complexity and less control. Enterprises can’t control the devices that workers use to access data and applications, and with the expanded use of public and private clouds, they don’t always know what data is stored in the cloud, who can access it, and where that data physically resides.
Enterprises are clearly facing a new “wild west” of enterprise security, but where does the answer lie? I gleaned a couple of thoughts from the various vendors and pundits at the show. Enterprises must change how they approach security, advancing from a lock-down mentality to the ability to rapidly detect and respond to security risk in a more open. This means they must get better at interpreting the reams of security data they are gathering and must build more accurate models of risk that can be recognized as they occur.
RSA’s EVP Art Coviello described this new approach as intelligence-driven security. He pointed out that most organizations have “silos” of security tools – un-integrated products that generate a lot data and importantly, too much meaningless data. In order to deal with today’s open and complex IT environments, Coviello said, organizations need risk-based, agile and contextual security. They must bring together security information from a variety of sources and apply risk-based algorithms to rapidly discern threats.
A lot of what was said at this year’s RSA Conference strikes at cord with all of us at SailPoint. Our risk-based approach is designed to strengthen and focus the controls – to ensure that sensitive applications and data in the datacenter or in the cloud are protected. We believe integration with adjacent security tools is key in effectively managing risk. For example, IdentityIQ can import event data from SIEM tools like Novell Sentinel and HP ArcSight, correlate this information to the individual user, alert managers based on policy and risk scoring, and facilitate remediations.
Last month, we announced integration with Symantec Data Loss Prevention, allowing our customers to manage DLP policy violations with user and access privilege context and making it easy for them to remove inappropriate access. Our aim is to give our customers the big picture, to help them better manage the security complexities in today’s increasingly open and distributed technology environment.