RSA 2019: 3 provocative ideas security professionals should be talking about right now
SAN FRANCISCO — VMware CEO Pat Gelsinger came out strong by saying that security companies have collectively failed their customers.
“We have not met up to the expectations of our customers, their spending rose on security and we still have an increased rate of breaches,” Gelsinger said. “We need to make radical steps, far beyond the incremental gains we’ve been making.”
Acknowledging that they are provocative, Gelsinger laid out three things he said security executives should be thinking about right now:
- The biggest threat to security is the hyper-focus on security threats. “This is one of our greatest weaknesses and it has us from building more capability because we keep rushing into a domain of diminishing returns,” Gelsinger said.
- Application awareness lacks awareness of applications. As an example that both works and shows where apps are headed, Gelsinger pointed to the modern hardhat, which not only protects a wearer’s head but is also a rich network of different services, potentially including, for instance, a 2-decade-old database of building code alongside new AR and VR capabilities. Vendors have to advance their products along similar, contextually aware lines. “How do I get to be application-centric?” he asked.
- Your most important security product won’t be a security product. Whereas the typical company may have 2 server vendors, a couple of storage vendors and 4 networking vendors, it can have as many as 250 security products, Gelsinger said. Thus the need to halve that number, then halve it again, until it reaches a more reasonable, and manageable, level. “Complexity is killing us,” Gelsinger said. “We need to reduce the attack surface instead of chasing the latest threat.”
Shannon Lietz, Director, Intuit, agreed that reducing the attack surface is an important step.
“There’s a lot of awesome tech out there but we’ve gotten to a point where complexity is the enemy of security,” Lietz said. “With so many boxes and so much breakup it means that people and context cannot come together. For me that’s a flaming mess. We have to come up with a different approach.”