Last week at EMC's Global Partner Summit, security division RSA told the channel that there was a big opportunity for them to ease customers' security concerns.
RSA's chief executive Art Coviello (pictured) said the market is "angry and confused" with the increasingly changing state of security, and later on in the conference, he opened up further about what is happening and how VARs can help.
Coviello on... the key issues facing the security market at the moment:
Believe it or not, we almost have too much awareness [of security risks]. Awareness is not necessarily a bad thing, but what we don't have accompanying [it] is a good level of understanding. Hardly a day goes by that you don't see some article about a breach, a credit card stolen, [a] website defaced; but we never quite get it in perspective.
We in the industry do a lot of this stuff to ourselves. In other words, we overhype the situation. [The] former [US] defence secretary [Leon] Panetta would say ‘we are in danger of a cyber-Pearl Harbour' – really? I have been hearing cyber-Pearl Harbour since 2001 and it is almost one of those things like the boy who cried wolf. When the wolf ultimately came, no one listened to the boy any more.
The impact new technologies are having on security
It is the attack surface that is emerging more and more as a problem for us. When Paul Maritz, Pat Gelsinger or Joe Tucci get on stage and talk about the opportunities for big data and mobility and how exciting it will all be, if you're in security, you get a migraine. Because all that represents to us is a continuing broadening of the attack surface.
Compounding that is the threat environment, and the combination of those two means the model of security we have used for more than 20 years – since the first virus appeared – is obsolete and that we need to adopt a new model. RSA is leading the way of the adoption of that model with our tech and point of view.
What the future holds
Once we get to 2020, all that unstructured [and structured] data is going to be a rich opportunity for companies to mine that data and do great things with it. But it also represents a treasure trove of opportunity for attackers to go after that very information... as soon as you introduce a web application, you create an opening into your infrastructure.
In 2013 the common [phrase] is ‘there's an app for that', and by 2020 there will be big data applications everywhere mining that rich content. This year there are roughly 2.4 billion people connected to the internet through PCs and mobile devices, [and] there will be another billion devices connected this year – cars, vending machines, smart meters. By the end of this decade, there will be 200 billion devices connected [to the internet].
We are beginning to see how wide the attack surface is getting... this is the biggest problem we face as security practitioners. The threat environment is getting a lot more hostile.
How security attacks are changing technically
In 2007 we were worried mostly about intrusion attacks but one of the interesting things about the threat environment is that malware has not significantly changed. All malware in the world today is mostly the same stuff being recycled, basically to evade increasingly ineffective virus controls. The difference in the threat environment is the threat methodology.
Malware that these criminals [use] is so pervasive and prolific that it is gathering so much data that criminals have a big data problem! Don't you feel bad for them?
Whether resellers are ready to embrace RSA's new model and products
I would say the answer is yes and no. When you talk about transformation, Joe [Tucci, EMC's chief executive] talks about going from platform two to platform three; we are seeing indications of lots of resellers grasping that they have to change. They have to change delivery models and have more and more specialist expertise. Many of our resellers and partners are making this move, but I suspect some won't make the move fast enough.
Our job is to educate them and help them make the move because, many of those service providers will be extremely important to compensate for the skills shortage that I talk about. It's a mixed result at the moment.