This week I sat down with Anna Watson, general manager of security solutions, Europe, at Dimension Data, to have a chat about the state of the information security industry.
One direction that the industry seems to be moving in, commented Watson, is towards platforms. “Even the pure-play security vendors – traditionally offering one niche product – are moving towards platforms”, she said. Watson remembers the negative perception around unified threat management, but recognises that there is a current need to offer more.
“There is more focus on management and threat intelligence now”, she said. Watson and I also discussed the emergence of security as a feature, with the likes of Cisco building in security as a feature from the offset. Will this result in a decline of infosecurity vendors, I ask? “No, there will always be a need for information security companies because of their agility and flexibility to respond to new and advanced threats”. There is room, for everyone, she said, listing niche players, infrastructure vendors, and pure-plays.
Data Centric Re-Birth
A phrase that Watson uses more than once during our meeting is “the re-birth of data centric security”. Did it ever die, then, I ask? “No, but it’s becoming easier to buy in to”, she said. She considers this ‘re-birth’ to be driven partly by MDM. “It’s nothing new, but the security awareness part is becoming bigger”, she said.
We touched briefly on the death of the perimeter, and Watson’s insight was concise and accurate: “Risk moves with the data and the perimeter moves with context. Network Access Control should really be re-named Access Control”, she suggested.
In the past, data centric security was “hyped by DLP, which was basically what people used to describe any technology that was focussed on any data issue.”
The Security Proposition
While security is one of six divisions within Dimension Data, it is increasingly built into all other five divisions, sitting horizontally across the proposition.
“Security is becoming more important to clients.” The media and awareness around data breaches are to thank for this shift in mindset, believes Watson. “And awareness is the first step to protection. It’s good that there is a sense of urgency around information security.” Information security, she argued, has evolved from a differentiator to a must. “Security is definitely rising in the priority list”, she said.
After the Horse has Bolted
On the subject of data breaches, Watson considers how organisations handle a breach after it has happened to be the most crucial part. “You can tell a lot about an organisation’s infosec policy by how they respond to a breach and talk to the media”, she said.
While Watson asserted that hackers are certainly more intelligent, motivated and targetted than historically, she also pointed out that their techniques are “old, like DDoS. Old is the new new.” Her advice in relation to this reality is “Don’t switch security off and don’t forget the fundamentals.”
Information security budgets, she believes, are all too often spent on panic-buying, maintenance and operations. Budgets are also focussed on compliance, she said, warning that “compliance and security are not the same thing.”