"Frankly, a lot of innovation happens when you get out of the comfortable zone of predicting what is the next requirement the customer has," he says. "When you start to show them authentication is not about the next token, it is not about the next trick, it is about how we can change lives by having a better understanding of who we are and our context as we move through a really amazing world. So, the challenges we face in IT are cloud, smartphones, social networks, and cyber crime. In security, these are the same ones and for us I would like to walk out there and enable our customers to go much further than they thought they could."
The Italian journalist asks him a question and he answers it.
What are the biggest challenges that enterprises are facing today in terms of security? That is my second question to him.
"I think the biggest challenges are, well, it is funny... some folks are caught up in the budget cycle and what do they do next and how they do get people working on the right thing," he says. "I think the first thing I would do is split security into two big chunks. One is longer term projects to improve the health of an organisation's security, buying the right tools, things like threat management, and the right investment in authorisation infrastructure, authentication and so on. On the flip side, there is the notion of incidents and response. And it is different for both. So the first group-they are worried about how to deal with the three big disruptives: how do they deal with cloud, how do they deal with (I call it) the consumer-industrial-complex, by bringing in social networks, smartphones and the third is cyber crime. That group is wrestling with how do I deal with this-how do I get technology out of the way as a problem for the company."
"The second group is saying when I am attacked, who is going to attack me? What do they care about? What do I have that I want to keep away from them? Who downstream from me, my partners, customers, could be affected and who upstream from me be a vehicle to get into the organisation? And in that, it is a race. It is a race to the information.
"Your infrastructure could be compromised but it is not inevitable that information is compromised. So designing your processes to say how we deal with people who do get into the environment and make sure that they get nothing from it. That's the big challenge. And when the race is on, time is the big currency. In an incident, when an incident happens, it is a race to get to the information before the bad guy. If you get there first, you win. If you get there last, you lose. So, intelligence helps, automation helps, collaboration helps, communications helps, thinking ahead of time what your processes will be and what your contingencies will be helps. And that's what the second guy is worried about."
Sign up for Computerworld eNewsletters.