Reporting
from RSA Conference 2012: Where the World Talks Security
Information Theft is a Huge Business & Continuously
Growing
I think the following statement from Verizon sums
up the environment of the data explosion and the
impacts of convergence of wired and wireless
networks, on-premise storage and cloud, devices,
applications, structured and unstructured data and
ultimately the ability to access all of this from
anywhere on the globe. “The rise of the global
business has created new and more complex security
concerns. Instead of merely containing information
and securing the perimeter, you’ve opened your
networks and data to partners, suppliers, and
mobile workforces around the world. When it comes
to securing those interests, you can’t trust just
anyone.”
I recently had the opportunity to
spend the week in San Francisco at RSA, the
largest security conference in the world, put on
by the Security Division of EMC. This conference
over the last five years has grown faster and
larger than any other conference that I am aware
of. There were 23,000 attendees this year
representing virtually every type of Government
entity (Federal, State, Local and even
International Governments), standards bodies,
enterprises of all sizes and types, as well as
non-profit and education. Finally, the number and
types of exhibiting companies and speakers that
are present are so diverse that I can’t possibly
describe them in the space I have for this
article.
As I was thinking about what to
write about RSA and the broader security market,
it became very apparent to me that neither I, nor
anyone else, can do it justice in one article. So
I decided that I would start by outlining the key
themes and major takeaways from my week and then
weave more of the information and detail into
future articles.
Let me start with the
major takeaways:
• Data Theft is a really big business and growing
like crazy. Don’t kid yourself; it is a business
that is being invaded by all levels of organized
crime, companies stealing trade secrets, unethical
employees and partners and even governments.
• If Data theft is growing like crazy, so is data
theft protection (every time crime occurs and
grows, so does crime prevention).
• It is all about money!! Yes, the vision of the
nerdy-looking hacker (my apologies for the
stereotype) is in many people’s minds, but don’t
be naïve. Even though they still exist, this is
all about big dollars and power, because
information is power!
• It is an
extremely complex issue with many dimensions. That
said, no organization can afford to ignore it.
That makes it even more important to create a
culture and longer term strategic approach to
protect critical information for you and your
customers.
• The people representing the
companies that read ENX Magazine are right square
in the middle of the document/data security
challenge as you are driving and managing a great
deal of the documents, files and processes that
are at risk.
• Your businesses are going to
have to evolve to protect and benefit from this
enigma.
• It is an industry that is just
going to get larger and provide more opportunity
for those who carve out a space for themselves.
• Companies are cutting expenses and people,
and in many cases, that involves cutting corners
and losing skills, which expands risk.
• Many Chief Information Security Officers (CISOs)
are being cut in this environment of cost control.
What is interesting though is the demand for
skilled consultants and security expertise is
growing. There is not enough talent, skill and
domain expertise available to fill the gaps.
• No one “expert” knows it all. It requires a
combination of knowledge and focus on critical
information, processes, people and technology to
create the right secure environment.
• The
print, scanning, copying, faxing, MPS, document to
file conversion and data/file transport areas are
very susceptible to data breaches. With that risk
also comes opportunity!
• There is a huge
amount of money, resources and effort being spent
protecting the network and deploying virus and
malware tools but definitely not enough being done
around protecting the documents, electronic files
and the meta-data contained within them.
Here is the biggest challenge: The words
governance, compliance and security have very
negative perceptions. Sometimes when you use those
words you feel like you are standing in the middle
of a crowded room screaming out four-letter words.
People can’t get away from you fast enough.
When you spend your time around 23,000 people
discussing security, you get a real feeling of
why. The convergence and the speed at which all
aspects of technology are accelerating, and the
rapidly expanding number of people exploiting this
convergence unethically, is requiring a major
cultural shift. This shift is creating major
struggles between the day-to-day needs of an
organization and the need to focus time and
resources to protect critical information.
Here is the reality. Although over hundreds of
years the technical world of moving and managing
data has changed, the goals haven’t. The reality
is that all people are looking for is access to
the information they want and need, in the format
they want it in, where they need it in a timely
and secure manner. If you think back even to the
pony express and stagecoach days (and even before
that), then the evolution to mail carriers,
express mail and package delivery, fax, e-mail
etc. it’s all focused on accomplishing the
statement above. The only things changing are the
methods to do it. What is also interesting is
even back then when people felt that information
had value, they would find ways to unethically get
it. They robbed Pony Express riders and
stagecoaches, didn’t they?
Information
security is a complex, morphing, living threat
that really has not been a focus from an
organizational perspective for very long. The
result is most of the regulatory compliance
requirements and internal processes are new. There
are also very few organizations that have taken a
cultural approach to this with their people
building it into their recruiting, training,
succession and performance management, so many of
the people that design and manage these processes
lack experience and expertise. Companies in many
cases have taken a controlling and restrictive
approach making it challenging for functional
group owners to execute, and in many cases there
is a significant lack of communication and
dialogue with the key business leaders, ultimately
creating complexity to the discipline of
protecting critical information.
So if you
don’t think Information Security is a big issue
and a big business let me give you some idea of
the types of companies, topics and people who were
involved at RSA (and understand this is a
very small sample of each):
Sample of over 2700 companies presenting and with booths:
• Ricoh - copiers, printers, scanners, faxes, MPS etc.
• Toshiba – copiers, printers, scanners, faxes, MPS, laptops etc.
• HP - copiers, printers, scanners, faxes, MPS, computers etc.
• Fasoo.com, Inc. - digital rights management (DRM)
• EMC - enterprise content management (ECM) and data storage
• Verizon - voice, data and video carrier
• AT&T - voice, data and video carrier
• McAfee an Intel Company - anti-virus and malware protection
• Lieberman Software - privileged access
• Viewfinity - privileged management
• Yubico - authentication, HSMs, secure remote access
• TeleSign - cell-phone based authentication solution
• KOBIL - Mobile application security, cloud security and authentication
• OATH - Initiative for Open Authentication (royalty-free standards, OTPs)
• DeviceLock - endpoint security and data leak protection
• NagraID Security - smart cards for secure payment, secure banking
• SPYRUS - secure pocket drives
• DataLocker - encrypted hard drives, secure CD-Rs and DVD-Rs
Sample of Sessions & Topics:
• Discussion and Q&A about the new National Cybersecurity Center of Excellence, National Strategy for Trusted Identities in Cyberspace (NSTIC), NIST Smart Grid standards development efforts.
• Panel, Joining Forces: The Public-Private Imperative in Cybersecurity
• Continuous Monitoring for Federal Agencies: Challenges and Opportunities
• Government Cybersecurity Special Forum: NSTIC and Fighting Botnets Meeting
• Security from the Client to the Cloud
• The Urgent Need for a More Effective Approach to Security
• The Digital Native: Shaping Tomorrow’s Security Today
• Sustaining Trust in a Hyperconnected World
• Protecting Business in the New Order World
• Lock It Down or Free It Up?
• The Social Animal
Sample of Speakers:
• Tony Blair, Former Prime Minister Great Britain and Northern Ireland
• Patrick Gallagher, Under Secretary of Commerce for Standards and Technology and NIST Director
• Howard Schmidt, White House Cybersecurity Coordinator
• Richard Hale, Deputy CIO for Cybersecurity, Department of Defense
• David Brooks, New York Times Columnist, Author and PBS Commentator
• Debora Plunkett, Director, Information Assurance Directorate, National Security Agency
• Mark Weatherford, Deputy Under Secretary for Cybersecurity, Department of Homeland Security
• Phyllis Schneck, VP & CTO, Public Sector, McAfee, an Intel Company
• Donna Dodson, Chief, Computer Security Division & Acting Executive Director, National Cybersecurity Center of Excellence, NIST
• Stewart Baker, Partner, Distinguished Visiting Fellow, Center for Strategic & International Studies, Steptoe & Johnson
• Jason Healey, Director of the Cyber Statecraft Initiative, The Atlantic Council
• Jenny Menna, Director, Critical Infrastructure Cyber Protection & Awareness, Department of Homeland Security
• Gib Sorebo, Chief Cybersecurity Technologist, SAIC
• Ron Ross, Senior Computer Scientist, NIST
• Jasvir Gill, CEO & Founder, Alert Enterprises
• Scott Cogan, Strategic Alliances, RSA
• Andy Ozment, Director for Compliance & Technology, Department of Homeland Security
• Jeremy Grant, Senior Executive Advisor for Identity Management, NIST
• Michael Barrett, Chief Information Security Officer, PayPal
• Jim Dempsey, VP for Public Policy, Center for Democracy and Technology
• Kaliya Hamlin, aka Identity Woman, Personal Data Ecosystem Consortium
• Craig Spiezle, Executive Director and Founder, Online Trust Alliance
• Peter Fonash, Chief Technology Officer, Department of Homeland Security
• Ari Schwartz, Senior Policy Advisor, Department of Commerce
• Cheri McGuire, VP Global Government Affairs & Cybersecurity Policy, Symantec Corporation
• Max Weinstein, President and Executive Director, StopBadware
• Michael O’Reirdan, Chairman, Messaging Anti-Abuse Working Group
OK, so
you’re now probably thinking why the heck did he
barrage me with these lists of companies, topics
and speakers? My intent is to get you to
understand the magnitude of risk, dollars and
organizations engaged in this space. With that
kind of horsepower being put into protecting
information, and on the other side even more focus
and effort every day to steal it, the opportunity
to extend your business is phenomenal.
In
closing, you may think, “This is way beyond my
organization’s scope, capability and resources.”
If you do, I encourage you to change your
thinking, and look for initial opportunities to
deploy within your organization and natural
extensions to your business that you can offer in
assisting your customers with this big challenge
while growing your business, market share, revenue
and profits.
David Anastasi, CEO,
eDocument Sciences LLC. Prior to eDocument
Sciences, served as President & CEO of Captaris, Inc.,
acquired by OpenText in October 2008; also
currently Board Member of Onehub, Inc. eDocument
Sciences partners with public, private,
educational and government organizations securing
their most important asset, mission-critical data.
We assist in the development and management of
Data Governance programs that focus on People,
Processes, and Technology. We deliver results by
matching technology, distribution and services
companies focused on data security with each
other, distribution partners and customers. Our
focus is on delivering highly secure environments
increasing productivity, scalability, and
ultimately higher value. To contact David Anastasi,
e-mail danastasi@edocumentsciences.com or visit
www.edocumentsciences.com