- Related Stories
Unlocking security at RSA 2007February 12, 2007
Security gets mainstream attention at RSAFebruary 5, 2007
PayPal to offer password key fobs to usersJanuary 11, 2007
EMC to buy RSA for $2.1 billionJune 29, 2006
RSA: Microsoft to shelve token support in VistaMay 2, 2006
RSA snaps up authentication software makerApril 24, 2006
RSA to test new Web authentication serviceOctober 14, 2005
Companies urged to move beyond passwordsSeptember 14, 2005
The RSA president sees the security industry finally moving from defending the perimeter of a network to actually locking down the data within, he said in an interview. It is a message he has been repeating for years at the RSA Conference, but this year, he expects to see evidence of a response.
Coviello's words matter. Not only because he's spotted a shift that's important in a world where data breaches make headlines almost every day. His company, taken over last year by storage giant EMC, also exemplifies the ongoing consolidation and maturation of the security industry.
But not all of Coviello's predictions come true. He used to hope for a mass market for devices like its key fobs, which generate one-time passwords. Coviello still believes such passwords will go mainstream, but not necessarily through tokens.
Security rights and wrongs
Is security boring? RSA President Art Coviello gives an artful answer.
Where are all the tokens?
Coviello still believes one-time passwords will go mainstream.
Yet, while some pundits say the coming of age of information security makes it boring, Coviello disagrees. The 16th annual RSA Conference, which gets under way on Tuesday, will show signs of energy and excitement in the sector, he told CNET News.com on the eve of the industry's biggest showcase.
What do you think will be most exciting about this year's RSA Conference?
It is just the energy. A lot of the discussion though will be around this change from static solutions to dynamic ones. You will also see a tremendous amount of emphasis associated with data protection. We can no longer rely on just perimeter defenses; we have to get it protecting the information itself. You are going to see a lot of discussion about encryption. And encryption is great; it is basically the soul of RSA.
Every year, you speak about the state of the industry in your keynote address. What's your message this year?
It is time for the industry to transform itself. That transformation is actually already under way. It involves migrating from the more static perimeter defenses we have had in the past, to ones that actually follow the information itself.
When you talk about industry consolidation, as has occurred over the last year with ISS and RSA, I think what you're starting to see is that transformation--the fact security needs to be integrated into products, and products need to be more secure in the first place.
Some analysts say that's actually making security boring. Do you agree?
I think that's baloney. It really doesn't get to the heart of the issue. It is not whether it is boring or exciting. Ideally, it would be seamless and transparent.
What's happening in this transformation is that security is being recognized as an important part of the overall information infrastructure. But that doesn't mean that there won't be standalone security applications--there will have to be--but they will most be woven into the fabric of that information infrastructure.
Do you have a call to action for the industry?
The call to action is to focus on the information and less on the perimeter and to focus on the fact that information has this nasty habit of wanting to travel. We have been engaged in defense and protection, what we should be engaged in is offense and enablement, and that's going to be a radical shift. I have been preaching this for years, but I think it is finally about to happen.
People need more access to information. Things like Web 2.0 type initiatives are creating opportunities for businesses to do more online than ever before, and they can't do that if they can't do it with confidence. That's where security comes in.
RSA was acquired by EMC in the past year. How is its business changing, as part of EMC, to deliver on this call to action?
First of all, RSA is alive and well within EMC. We have gone through a fairly extensive integration process. We have been able to do that in the first four months of the acquisition without skipping a beat.
EMC, with its massive resources, gives us the ability to take a wider view of security. An example of that, we were presented on day 1 with an acquisition EMC had done of Network Intelligence, an incident and event monitoring company. Having that capability allows us to expand what we do.