I’ve got a challenge for anyone visiting this week’s Infosec Show: Spend two hours here, and then try and sum it up in 20 seconds. I’m offering a prize for anyone that does a good job – just drop by our stand, give me your thoughts in 20 seconds and I’ll see what we’ve got in the goody bag. At the very least, I’ll buy you a coffee – I’d be interested to hear what you’re thinking.
Sounds trite, right? Maybe not though. If you went to a car show this year, the plot line might be ‘self-driving electric vehicles, and the death of car ownership as an urban aspiration’. Plot lines give us a general consensus on, or a net movement towards, an agreed compass point. It hints at coherence.
Let’s do a little warm up exercise then. Think back to the last movie that made any kind of impression on you. It’ll have taken up probably two hours of your life. Now, in twenty seconds, tell me what the main plot line was…
How did you find that? I’m guessing tricky, but doable. You’d be better at the second attempt, you’re possibly thinking. You’d have nailed it by the third. Feeling confident about this Infosec gig then? Don’t be. It’s going to be much tougher. I’d be pretty certain you’d find it impossible (but I’d buy you that coffee for just having a go).
Why? Because the info security industry has lost the plot. While the bad guys collaborate, swap secrets, rub elbows – the ‘good guys’ are disassembling, isolating, patenting. Where you might hope to find vendors working toward coherent, ‘joined up’ technologies, instead you find that the comprehensive solution has fragmented into a thousand pieces. It’s reductionism gone mad. Each link in the chain of threats and remediations has its group of competing vendors. Each of those claims best of breed, and revolutionary USPs. So Infosec will be a shouting match of claim and counterclaim. The result will be incoherence.
As a side note, it’s interesting that venture capital investment into info security start-ups has fallen dramatically. What any VC wants to see in a nascent market is scope for innovation to disrupt established business models, creating a compelling competitive edge for their boy, and so driving a ten-fold RoI. I think what they see right now is a market where consolidation, rather than innovation, is the next and much needed trend…
We believe in coherence, and here’s a coherent thought to prove it. Given that email is the most common vector for external attacks, and that a rogue URL injects the killer malware or siphons off your secrets. And understanding that public cloud services – while setting your people free from lots of constraints – also increases your exposure by letting your people unwittingly or deliberately compromise your clients’ sensitive information. So how about a solution that recognises the interplay between those three, spots the threats and remediates them. From just the one policy engine, and through a single pane of glass?
Today, we’re announcing the fourth leg on the stool (…hopefully someone’s got a five-legged stool, or we’ll outgrow this analogy soon) – by adding Multi Factor Authentication as a service, managed through that same pane of glass.
