The information security industry needs to offer more than just security, says Secerno COO

“Cloud computing is not a security disaster – it doesn’t really create more risks. Yes, it causes new security challenges, but this does not automatically result in insecurity. Cloud computing is changing our environment, but it is cost-effective”, Davie tells Infosecurity’s editor Eleanor Dallaway.

Seemingly 100% in tune with what his customers want, Davie concentrates on giving them exactly what they need in a recession: value for money. “Security doesn’t define a business, instead it must enable it. Customers want more than just an insurance against bad things happening – they want a business enabler”.

“If the more mature information security companies don’t adapt to the cloud model, then the newer companies will”, Paul Davie remarks.

Un-phased by the current economy, the Secerno COO actually declares that he is “embracing the recession”, confidently quoting the old saying “never waste a good crisis”.

His confidence, it seems, is not unjustified. According to Davie’s logic, Secerno are at “just the right stage” in their growth and development to be able to ride out the recession. “There will be a definite uptake this year at Secerno” he predicts. “We’re in fast growth period still. The more mature companies will be hit harder, because they probably won’t get the 10% growth they’ve come to expect”. On the other hand, “early-stage companies are going to struggle if they haven’t already sorted out their VC”.

“Luckily, we raised substantial funding in mid 2008, so the money was in the bank before the recession really hit. In a recession, funding is just as much an issue as customers for young companies”, says Davie.

Innovation is key

Innovation, insists Davie, will keep information security companies afloat over the next few years. “The industry is in a stage of rapid change – everyone’s looking for something new. The innovative companies will be the ones to deliver this”. An increase in mergers and acquisitions is on the cards, predicts Davie, as “security giants will buy-in their innovation, by acquiring the new innovative technologies”.

Furthermore, those who focus on providing their customers with return on investment will win the sale, Secerno’s Davie advises. “There are very few information security companies out there that focus on ROI for their customers – it’s all about fear and insurance”.

Secerno however, are taking a more holistic view: “We’re moving from a strictly security viewpoint to a ROI-focus. We’re focussing on creating a more secure environment, but also a cost-saving one. Too many vendors are stuck in the past – we’re focussing on what’s happening here and now, that’s what make Secerno different”.

Duplicated and redundant databases are one of the biggest concerns, says Davie. “Companies are literally spending millions on keeping redundant databases. There’s also the issue of environment control – everyone wants to be waving the green flag”.

While Secerno are focussing on current and future issues, Davie is convinced that many vendors are still looking backwards. “Blacklist approaches can’t win the security wars – ‘same old same old’ isn’t working”. The perimeter, he says, is another example. “It doesn’t exist anymore. You can commercially punch holes in this out-dated concept”.

Taking it seriously

Also moving forward, believes Davie, is the UK government. “They take data protection very seriously. There’s not a lack of intent in government, instead it’s a problem of implementation. They’re dealing with a huge increase in information security risk – they’re trying to protect huge databases with very wide access”. Access and authentication, says Secerno’s Davie, is one of the government’s biggest challenges. “There will be people that will abuse their access and the data”.

The solution? “They need to put in extra layers of security” determines Davie. “The appetite for looking at new technologies is greater in the public sector. I’m encouraged – six months ago, I’d have given a much more negative answer”.

Infosecurity asked Davie what’s caused the sea-change in the government’s attitude to data protection. “Politicians are fed up of being on question time and talking about stolen laptops and lost data”, laughs Davie. “Reputation is a big factor in the push to change things”.

Questioned on whether the American government is taking the same positive steps concerning information security, Davie smiled confidently. “Obama is absolutely going to make a positive change for infosecurity. He’s in a fantastic position to drive change – bringing in a new cyber-czar and a new mandate”. Secerno’s Davie however, is not without concerns. “Obama has talked about integrating healthcare databases; the security challenge is absolutely mind-boggling. It’s going to be incredible to watch, waiting for the first breach”.

One thing that Davie is sure that the UK should learn from the US however, is the data breach notification law. “It’s depressing to watch the data breach notification law get blocked in the House of Commons – there is no excuse for us not having that law” he insists.

With the absence of a law which threatens many organisations’ reputation, the breaches will continue to roll in. “What’s worrying is that the publicity machine surrounding data breaches could have a counter-effect. The constant flow of news items might make people feel that ‘it’s pointless – we’ve already lost the battle’”, says Davie.

For information on Secerno’s partnerships and product news, visit:


What’s hot on Infosecurity Magazine?