It's nice to be proved right. Delegates returning from the RSA Conference 2008 will have duly reflected on the message that was hammered home by speaker after speaker: what the CSO says and does now needs to be taken extremely seriously by the boards of the world's leading companies and beyond.

Basking in the brilliant sunshine of a San Francisco spring, the 30,000 or so delegates attending the RSA event last month were left in no doubt about the changing nature of their jobs and the environment in which they work.

In the pages of SC magazine we have been preaching the same message over the past two years. We may have been criticised in some quarters for making the shift from technology to practice, but now the world's biggest information security conference is moving with us. Our sector is growing up, developing into a real profession, and the shift is permanent.

The hundreds of vendors that still pack the RSA exhibition floor are testament that a profession will always need its tools, but the word from many delegates was that much of the technology was often a case of same old, same old. Much of the hardware and software is becoming commoditised, and for information security professionals it's a bit like dipping into the stationery cupboard for some envelopes or a couple of biros.

It was away from the exhibition, though, that the real "right stuff" was being talked about. Here speakers and delegates spoke of little else but the need for recognition, the need for the C-suite to engage and for the corporate world to focus on the expectation and behaviour of employees.

Paradoxically, while the show floor was light on technical innovation, changes in the use of IT, particularly in personal use of mobile devices and the web, are having a major and rapid effect on the way CSOs are going to have to work. Some of this isn't even understood yet; it is changing that rapidly. The challenge for CSOs was to get this message to the business leaders.

Fortunately, there is a simple way to adapt to the new world of work - focus on the data and decide what is important to protect.

This was probably the most radical message. The war on malware, while not lost, can never be won. Instead, prepare for a new paradigm - one where malware is ever present, and it may kill some of your data. But what CSOs and their employers need to ensure is that the data they lose is expendable. All of this falls under the all-encompassing term data-centric computing - a term used a lot at RSA. Get this right and it becomes the backbone of secure business for the decade ahead.

It also forms part of the message given out by the imposing man on our cover this month: Shlomo Kramer. His company, Imperva, was founded to capitalise on this shift some years ago and now looks set to reap the benefit as it provides solutions to those businesses, such as financial institutions, that have most to gain by protecting highly sensitive data. You can read more about what makes our CEO of the Year tick on page 22. He was right and so was this magazine.