Last year’s industry-shaking RSA Security breach has resulted in customers’ CEOs and CIOs engaging much more closely with the vendor to improve their organizations’ security, according to the head of RSA.
Discussing the details of the attack that compromised its SecurID tokens has made RSA sought after by companies that want to prevent something similar from happening to them, Executive Chairman Art Coviello said in an interview with Network World.
“If there’s a silver lining to the cloud that was over us from April through over the summer it is the fact that we’ve been engaged with customers at a strategic level as never before,” Coviello says, “and they want to know in detail what happened to us, how we responded, what tools we used, what was effective and what was not.”
While the company was roundly criticized for not doing enough right away to reassure customers once it made the breach public, Coviello characterizes RSA’s response as rapid and effective.
“When we go into detail about the attack I think people are actually impressed with the speed with which we were able to see the attack in progress,” Coviello says.
“We were still unable to keep [hackers] from getting away with at least something,” he says. “But we were able to minimize the damage, and more importantly, get to our customers timely enough so they could protect themselves to mitigate risk associated with the damage.”
On another topic, Coviello says businesses are rushing and therefore missing an opportunity to build security into virtual and cloud environments as they adopt them.
“[A]s much as I’ve preached for three or four years that we have an opportunity to get it right this time as we virtualize our environments and we go to cloud [by building] security in, it just isn’t happening,” he says. “We’re making the same mistakes all over again.”
The problem is that businesses crave the functionality and savings of virtualization and cloud at the expense of security. “[I]t’s just unfortunately the way the world works sometimes, that people want to get the benefits of a new technology wave and don’t always think through all the security ramifications,” Coviello says.
Despite those shortcomings, Coviello says businesses are accelerating the overhaul of their traditional security to adopt defensive models that are advocated by RSA, particularly automating security analysis and response.
“You would like to think that people would come to these conclusions and act on them more quickly,” he says, “but there’s such competition – whether it’s budget, whether it’s business initiative, whether it’s overhauling their own infrastructure, whether it’s this crazy economy we’re working with – it never goes as fast as you think it should or could.”