If there is one thing we can take away from this year’s RSA Conference it’s this: We do not have a technology problem, we have a mindset problem.
There are plenty of very good security technologies available today, and walking around the RSA Conference show floor you really got a sense of the sheer volume of vendors in the security industry.
The problem is that most of them offer pretty much the same thing and are primarily focused on one aspect of data security: the perimeter. Unfortunately, the way we are accessing, creating, consuming and managing data and information has made this approach totally obsolete, and the hackers know it.
Every company has a Plan A for how to stop cyber criminals from getting into the network and stealing data. Build a wall around the data with next generation super-duper firewalls, throw in some AV and IDS, and sprinkle it all with some SIEM.
It is a plan that has not changed much in the past 10 years. But even with newer APT and UTM security technologies, the bad guys continue to win. In fact, the problem is only getting worse because when it comes to data security, Plan A is often the only plan companies have.
What is really needed is a Plan B for when Plan A fails. That way, there is a backup plan to contain the damage once hackers get past the perimeter defenses.
Today’s security professionals must shift from a focus on breach prevention to a mindset that accepts that breaches are inevitable. That means focusing more on placing security controls closer to the data itself, with encryption, and closer to the individuals accessing the data, with stronger user authentication and identity management controls.
At Gemalto, we call this Secure the Breach, and it is a message we have been promoting for several years.
We recently released the results of our Data Security Confidence Index, which confirms there is a need for a mindset change. According to the results, while 87% of IT security professionals feel their perimeter security is effective at keeping out security threats, 34% are not confident in the security of their data should a breach occur and 33% think unauthorized users are still able to access their networks.
Obviously there is a very, very big gap between the perceived effectiveness of perimeter security and the reality of what is actually happening.
No vendor can claim to offer the silver bullet for stopping data breaches, and any company that does is not being honest with itself or its customers. The biggest challenge is not technology; it is how we approach data security by putting all of our eggs in one basket. There are of course other challenges, such as having the right expertise and resources, but the most important thing is to approach this problem with a new mindset by having a Plan B.