Greetings,
As I reflect on the year that has passed and think forward to the year that is to come, Charles Dickens’ timeless
words come to mind, “It was the best of times, it was the worst of times, it was the age of wisdom, it was the age
of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the
season of Darkness, it was the spring of hope, it was the winter of despair, we had everything before us, we had
nothing before us, we were all going direct to Heaven, we were all going direct the other way.” Can you imagine a
more apt description of the times in which we are living and the dichotomy between all of the technology
innovation we enjoy and the oppressive cyber threat under which we live?
The best of times…
In 2014, mobile and cloud technologies continued to make our lives more efficient, more productive, and
generally better. Mobile is rapidly catching up to PCs as the preferred means of interacting with the digital world –
mobile Internet traffic is predicted to account for more than 30% of total Internet traffic by the end of the year
(KPCB), which represents a doubling of mobile traffic over the past 18 months. If you eliminate passive Internet
traffic like streaming, mobile’s rising dominance is hard to dispute.
Mobile technology itself continued to evolve from being something we hold to being something we wear, with the
2013 buzz around Google Glass giving way to buzz around smart watches in 2014.
But as pervasive as mobile has become, it is nothing in comparison to the Cloud. Upwards of 90% of organizations
(CompTIA) and 90% of Internet users (BI Intelligence) are now relying on the Cloud for easy, inexpensive, and
ubiquitous access to storage and services. The Internet has evolved from being the connection to storage and
services to being the location of storage and services.
The worst of times…
Despite technology’s advances, however, the risk of our increasingly digital existence was brutally apparent during
yet another “Year of the Breach.” Many retailers and financial services and healthcare organizations experienced
damaging breaches in 2014, despite having what were considered strong security programs in place.
The fact that our pool of adversaries extends beyond criminals and hacktivists was further driven home by the
growing sophistication and sheer number of nation-state cyber-attacks. For the first time, those dubious nation-
state cyber activities began to create real-world diplomatic crises (e.g., the escalating tensions between the U.S.
and China).
Speaking of the public sector, the U.S. National Institute of Standards and Technology’s work with industry
resulted in the launch of the Cybersecurity Framework, which was a positive step forward in providing a common
foundation for intelligently approaching today’s cybersecurity challenges, but little other real progress was made
by the world’s governments. The Snowden revelations of 2013 continued to polarize the privacy debate and stymie
the critical information sharing legislation we need to collectively secure our companies, industry and economy.
RSA Security LLC		 T 781 515 5000
174 Middlesex Turnpike	 F 781 515 5450
Bedford, MA 01730	 www.rsa.com
So with that as the backdrop, what can we anticipate in 2015?
1.	Nation-state cyber-attacks will continue to evolve and accelerate but the damage will be increasingly borne by
the private sector – In 2014, nation states around the world increasingly pushed the boundaries of acceptable
cyber assault to control their own populaces and spy on other nation states. With no one actively working on the
development of acceptable norms of digital behavior – a digital Hague or Geneva Convention, if you will – we
can expect this covert digital warfare to continue. Increasingly, however, companies in the private sector will be
drawn into this war either as the intended victim or as the unwitting pawn in an attack on other companies.
2.	The privacy debate will mature – We’re beginning to see a softening of the current polarized environment in the
U.S. and Europe as people recognize that privacy is under attack from and being defended by a more varied and
complex set of actors than the current debates would lead you to believe. It is increasingly recognized that
privacy is not a monolithic concept and that it cannot survive apart from security. A more pragmatic, balanced
debate about how to secure our privacy will ensue in 2015 and the prospects for responsible privacy policies
and intelligence sharing legislation that would better protect our privacy may improve. One test of this prediction
will be the outcome of the EU General Data Protection Regulation, which may reach a final form in 2015.
3.	Retail is an ongoing target and Personal Health Information (PHI) is next – As a result of the numerous retail
and financial services breaches in 2014, organizations who handle payment card data are strengthening their
defenses and shortening the window of opportunity for cybercriminals, making them a less lucrative target.
Unfortunately, the retail sector is massive and worldwide and will continue to be a target-rich environment. In
2015, however, well-organized cyber criminals will increasingly turn their attention to stealing another type of
data that is not as well-secured, is very lucrative to monetize in the cybercrime economy, and is largely held by
organizations without the means to defend against sophisticated attacks – personal information held by
healthcare providers. Unfortunately, we are likely to see another series of very public breaches before many
providers improve their security to effectively deal with these threats.
4.	The Internet Identity of Things – Despite the publicity that software and system vulnerabilities receive, they are
becoming less lucrative for criminals than social engineering and other more easily executed “trust exploits.” I
saw a tweet this year along the lines of, “who needs zero days when you’ve got stupid.” The increase of
machine-to-human and machine-to-machine interaction will only exacerbate this situation. As such, the
authentication and identity management and governance of who, and with the Internet of Things (IoT), what is
accessing our networks and data will be an increasingly critical element of security in 2015. Get ready for the
Botnet of Things. When you consider this trend, the strong growth of IoT in the healthcare sector, and my PHI
prediction, the ramifications are truly scary.
While we just had a change in the leadership of the U.S. Senate, I’m not hopeful that we will see a lot of change in
the prospects for cybersecurity legislation in 2015. Though the subject is of critical importance for the future of all
countries, it is complex and progress is difficult in the current geopolitical climate. In the absence of
comprehensive legislation, industry regulators will step in to fill the void, creating a patchwork of new, potentially
incompatible compliance requirements (Oh goody).
That being said, I am cautiously optimistic about the prospects for collaboration and collective progress in the
private sector as companies and industries are recognizing that in the digital world, no one is an island. We’re
more like an archipelago and we’re starting to build bridges. The recent growth of industry groups and Information
Sharing and Analysis Centers (ISACs) is the proverbial rising tide that lifts all boats. The next step is for us to go
beyond information sharing and band together – even across industries – to advocate for and lead the
development of strong, global cyber policies. Because if we have learned anything over the past couple of years
it’s that if anyone is going to get us out of this mess, it’s going to have to be us. May we all continue to make
progress together in building a trusted digital world in 2015.
Sincerely,
Art Coviello
H13746

Art Coviello's Predictions for 2015 on state of information security.

  • 1. Greetings, As I reflect on the year that has passed and think forward to the year that is to come, Charles Dickens’ timeless words come to mind, “It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had everything before us, we had nothing before us, we were all going direct to Heaven, we were all going direct the other way.” Can you imagine a more apt description of the times in which we are living and the dichotomy between all of the technology innovation we enjoy and the oppressive cyber threat under which we live? The best of times… In 2014, mobile and cloud technologies continued to make our lives more efficient, more productive, and generally better. Mobile is rapidly catching up to PCs as the preferred means of interacting with the digital world – mobile Internet traffic is predicted to account for more than 30% of total Internet traffic by the end of the year (KPCB), which represents a doubling of mobile traffic over the past 18 months. If you eliminate passive Internet traffic like streaming, mobile’s rising dominance is hard to dispute. Mobile technology itself continued to evolve from being something we hold to being something we wear, with the 2013 buzz around Google Glass giving way to buzz around smart watches in 2014. But as pervasive as mobile has become, it is nothing in comparison to the Cloud. Upwards of 90% of organizations (CompTIA) and 90% of Internet users (BI Intelligence) are now relying on the Cloud for easy, inexpensive, and ubiquitous access to storage and services. The Internet has evolved from being the connection to storage and services to being the location of storage and services. 
The worst of times… Despite technology’s advances, however, the risk of our increasingly digital existence was brutally apparent during yet another “Year of the Breach.” Many retailers and financial services and healthcare organizations experienced damaging breaches in 2014, despite having what were considered strong security programs in place. The fact that our pool of adversaries extends beyond criminals and hacktivists was further driven home by the growing sophistication and sheer number of nation-state cyber-attacks. For the first time, those dubious nation- state cyber activities began to create real-world diplomatic crises (e.g., the escalating tensions between the U.S. and China). Speaking of the public sector, the U.S. National Institute of Standards and Technology’s work with industry resulted in the launch of the Cybersecurity Framework, which was a positive step forward in providing a common foundation for intelligently approaching today’s cybersecurity challenges, but little other real progress was made by the world’s governments. The Snowden revelations of 2013 continued to polarize the privacy debate and stymie the critical information sharing legislation we need to collectively secure our companies, industry and economy. RSA Security LLC T 781 515 5000 174 Middlesex Turnpike F 781 515 5450 Bedford, MA 01730 www.rsa.com
  • 2. So with that as the backdrop, what can we anticipate in 2015?

1. Nation-state cyber-attacks will continue to evolve and accelerate but the damage will be increasingly borne by the private sector – In 2014, nation states around the world increasingly pushed the boundaries of acceptable cyber assault to control their own populaces and spy on other nation states. With no one actively working on the development of acceptable norms of digital behavior – a digital Hague or Geneva Convention, if you will – we can expect this covert digital warfare to continue. Increasingly, however, companies in the private sector will be drawn into this war either as the intended victim or as the unwitting pawn in an attack on other companies.

2. The privacy debate will mature – We’re beginning to see a softening of the current polarized environment in the U.S. and Europe as people recognize that privacy is under attack from and being defended by a more varied and complex set of actors than the current debates would lead you to believe. It is increasingly recognized that privacy is not a monolithic concept and that it cannot survive apart from security. A more pragmatic, balanced debate about how to secure our privacy will ensue in 2015 and the prospects for responsible privacy policies and intelligence sharing legislation that would better protect our privacy may improve. One test of this prediction will be the outcome of the EU General Data Protection Regulation, which may reach a final form in 2015.

3. Retail is an ongoing target and Personal Health Information (PHI) is next – As a result of the numerous retail and financial services breaches in 2014, organizations who handle payment card data are strengthening their defenses and shortening the window of opportunity for cybercriminals, making them a less lucrative target. Unfortunately, the retail sector is massive and worldwide and will continue to be a target-rich environment. In 2015, however, well-organized cyber criminals will increasingly turn their attention to stealing another type of data that is not as well-secured, is very lucrative to monetize in the cybercrime economy, and is largely held by organizations without the means to defend against sophisticated attacks – personal information held by healthcare providers. Unfortunately, we are likely to see another series of very public breaches before many providers improve their security to effectively deal with these threats.

4. The Internet Identity of Things – Despite the publicity that software and system vulnerabilities receive, they are becoming less lucrative for criminals than social engineering and other more easily executed “trust exploits.” I saw a tweet this year along the lines of, “who needs zero days when you’ve got stupid.” The increase of machine-to-human and machine-to-machine interaction will only exacerbate this situation. As such, the authentication and identity management and governance of who, and with the Internet of Things (IoT), what is accessing our networks and data will be an increasingly critical element of security in 2015. Get ready for the Botnet of Things. When you consider this trend, the strong growth of IoT in the healthcare sector, and my PHI prediction, the ramifications are truly scary.

While we just had a change in the leadership of the U.S. Senate, I’m not hopeful that we will see a lot of change in the prospects for cybersecurity legislation in 2015. Though the subject is of critical importance for the future of all countries, it is complex and progress is difficult in the current geopolitical climate. In the absence of comprehensive legislation, industry regulators will step in to fill the void, creating a patchwork of new, potentially incompatible compliance requirements (Oh goody).
  • 3. That being said, I am cautiously optimistic about the prospects for collaboration and collective progress in the private sector as companies and industries are recognizing that in the digital world, no one is an island. We’re more like an archipelago and we’re starting to build bridges. The recent growth of industry groups and Information Sharing and Analysis Centers (ISACs) is the proverbial rising tide that lifts all boats. The next step is for us to go beyond information sharing and band together – even across industries – to advocate for and lead the development of strong, global cyber policies. Because if we have learned anything over the past couple of years it’s that if anyone is going to get us out of this mess, it’s going to have to be us.

May we all continue to make progress together in building a trusted digital world in 2015.

Sincerely,
Art Coviello

H13746