Real Talk from RSA: Every Company Must Become a Security Company
Even with the ban on booth babes, San Francisco was buzzing with new ideas and innovations all with one theme in common: security. The annual RSA Conference was alive with venture capitalists, entrepreneurs, CEOs, CSOs, IT specialists – you name it – all coming together to discuss one topic: the future of internet and enterprise security. And it’s clear this isn’t a passing fad. Data security has taken on new importance. Based on the conversations I’ve had with other like-minded security enthusiasts over the past week, below are four big trends that affirm security is no longer an afterthought — it’s now the fundamental foundation for every organization today.
Hackers Are Innovators, Too
Our team had the pleasure of joining colleagues and industry experts at a panel on the next frontier of cybersecurity, as told through the VC perspectives of New York Times cybersecurity reporter Nicole Perlroth, with speakers from Battery Ventures, Greylock, Menlo Ventures and Norwest Venture Partners. Many important points were discussed here, but in particular, we were interested in how panelists spoke to the abilities of hackers. They reminded us that we can work to solve today’s security problems, but alongside this, hackers will constantly be working to slip in between the cracks. Net-net: hackers have led, and will continue to lead, the innovation cycle. You can have the best-in-class technology, but the longevity of that is at the mercy of hackers’ own skills and advancements. We were all shocked to learn from the conversation that roughly 80 new security companies launch each month with hopes of tackling the current landscape and future challenges.
205 Days Too Long
Another event that stood out was Kevin Mandia’s talk during Enterprise/Code. The conversation shed light on the staggering statistic that the average hack is only detected 205 days after the fact. For businesses and consumers alike, this is pretty devastating and begs the question of “how can we close this gap?” Sure, we need stronger threat detection technologies to identify hacks, say, 205 seconds after they occur, but more importantly, we need new technologies that shield us from the repercussions of compromised data. A network breach doesn’t have to mean data loss. If we can attach security to individual pieces of data themselves, rather than the passageways through which they flow, time is no longer of the essence.
The House Takes Cybersecurity Into Their Own Hands
We can’t talk about big takeaways from last week without pointing to the recent Cybersecurity Bill, which the House passed to push companies to share access to their computer networks and records with federal investigators. This not only generated large privacy concerns, but also emphasizes the alarmist measures government is now willing to take regarding the code-red emergency state of data protection. Bottom line is that this is a problem both sides feel, and thus should be a joint effort. After all, the government needs to protect its citizens the same way businesses need to protect their customers. It’s just a delicate dance getting this joint effort right. We’re curious to see how this bill will shake out and how effective it will be.
Groundhog Day or the Second Coming?
Finally, I couldn’t have said it better myself. In the recent Network World article, Nicole Perlroth stated, “we’ve been talking about the same problems for four years, so it does feel like Groundhog Day.” We have to agree that it’s been a long time coming. But I’d argue that the energy and excitement on the ground at RSA, coupled with the recent pronounced severity of the data security problems with recent hacks, means that the whole industry is committed and well-poised to translate these talks into actions with innovative solutions.
Overall, this year’s RSA Conference affirmed my belief that every company is waking up to the fact that they have to become a data security company. This means the firewall model is broken and trying to extend the perimeter out simply doesn’t work anymore. It’s about protecting the information, wherever it is, and not about locking everything down. It means users should have complete peace of mind that their data truly stays theirs. And lastly, it means that there are no longer any real controlled endpoints, or any endpoints for that matter. With that being said, I’m excited to see what this next year brings for the industry overall.