RSA EMEA Summit: Writing a security strategy that will make Vivaldi proud

Richard Nichols, RSA's head of EMEA strategy compared playing the violin to conducting an effective security strategy, to encourage businesses to harmonise security strategy and promote greater visibility of threats on the business.

 Richard Nichols, RSA’s head of EMEA strategy
Richard Nichols, RSA’s head of EMEA strategy

Richard Nichols, RSA's head of EMEA strategy addressed Wednesday's RSA summit by comparing playing the violin to conducting an effective security strategy.

It's not a coincidence that RSA chose to open the keynote session with a dramatic violin solo. Nichols explained his thinking: “For the violin to sound as beautiful as it does, you need all five strings to be in place and tuned properly”.

Perhaps a tenuous link, but an encouraging thought nonetheless. All of this was to convey that RSA would like to arm its customers with the tools to be more bold in business and take more risks, which will in turn promote business growth.

Spurred on by legislation like the General Data Protection Regulation (GDPR), digital threats such as phishing, keyloggers and zero-day attacks - compounded by less malicious threats to a company's network - Nichols says that businesses need to ditch the current ‘siloed' approach to security.

The siloed approach - in case you were wondering - is Nichol's way of describing the typical business which is caught up in the day-to-day whirlwind of business itself. Too busy to patch and spending 80 percent of its security budget on prevention and detection response technology.

According to Nichols, this kind business is likely to be fighting fires, focusing on immediate threats and have siloed strategies. So, no harmony between colleagues and by extension - no beautiful violin sound.

So how does a business get past this sort of phase? Nichols says it is all about being “business enablers, not prohibitors.”

The answer, according to Nichols, is all about visibility to help manage the known and unknown risks through a converged set of data sources. Improved threat analytics capabilities, to allow for identity assurance and governance.

With that note, the room ran off to write it's next symphony …. Er …. Security strategy.