Securing The 'Digital Industrial Economy'
What significant changes did the enterprise security sector witness in 2013? What did these changes mean to vendors and customers?
BYOD brought perhaps the biggest change to enterprise security this year. With customers bringing mobile devices into the enterprise, companies have been reacting by putting policies and products in place. While in past years companies thought they might stop or control the flood of devices coming into their network, they realize now that’s not an option.
Mobile also brings the cloud into the enterprises. That’s where the data on mobile devices is going. It’s how mobile users access information. Adding to the move to the cloud is the outsourcing of business services to the cloud. And while companies anticipate that the move to the cloud lowers their costs, it increases their risk. The data is out of their control.
And while not exactly a change, we continue to see an ongoing assault of targeted attacks across all sectors of business, including small businesses that have valuable data worth stealing. The intellectual property larger companies share with them is important and the supply chain becomes a new attack vector. To address targeted attacks, companies are looking for help building security intelligence. Targeted attacks are no longer just a security risk, but a business risk as well.
Companies are realizing they need a comprehensive solution, not just a series of point products to address their security requirements. Despite the security industry’s steady release of point products designed to address advanced threats or specific problems, it’s increasingly clear that comprehensive security can’t rely simply on point products alone to get the job done. We believe the approach to information security must change – security must be unified and delivered as a service. Symantec is leading this change.
What are some of the changes you had anticipated would happen in 2013, but did not happen?
Much of what we expected to occur is materializing, but the pace varies in certain areas. For example, cloud adoption is still moving slower than anticipated due to ongoing concerns about security and management in the cloud. We thought this might happen more rapidly.
Can you paint us the picture of how the landscape of enterprise security will change in 2014? What are some of the broader trends you are closely watching?
In 2014, big-data analytics will drive the next generation of enterprise security. Many of today's targeted attacks can only be identified by sifting through and correlating massive amounts of security telemetry from an enterprise's security sensors, to identify subtle indicators of an attack. Enterprises simply don't have the bandwidth or the skills required to collect all this security data, store it, and mine it themselves. As a result, security firms will be able to offer real value in this area. In the emerging model, enterprises will forward security telemetry from all of their security products to a trusted partner where it can be mined and correlated using big-data techniques. There are huge efficiencies to be gained in shifting to this model, since the security provider can aggregate exabytes of security telemetry from literally hundreds of thousands of customers and hunt for attacks than span industries and geographies. While managed security services have been around for a while, this shift toward correlating massive amounts of security big-data across multiple corporations is enabling us to identify attacks that would otherwise be invisible to even the most advanced security point products.
On a broader scale, we are entering an age that Gartner calls the “Digital Industrial Economy.” This ability to adapt to the acceleration of digitalization lies at the center of every successful enterprise – and with the IoT bringing intelligence (and related information protection needs) to billions of currently “dumb” devices by 2020, the enterprise security sector will be greatly impacted.
As the pace of digitalization increases, there has never been a greater need for companies like Symantec to ensure that information is protected and managed so that people, companies and governments can focus on their goals. That is very much the focal point of Symantec’s 4.0 Strategy and ‘Vision of the Future.’
How will customer spend change in 2014 for enterprise security sector? What makes you think customers will be buying more/ less?
The migration to the cloud is inevitable and we’ll see more of it in 2014. And, security needs to be part of the equation as companies evaluate the ultimate ROI. There is a tension in IT between the need to protect information and the desire to reduce costs, with many companies believing that moving IT assets to the cloud is a possible cost-savings. This migration does not always provide the ROI envisioned and also changes the way companies need to think about protecting their information. Certain security-related sectors, such as DLP, where we lead the market, will continue to show strong double-digit growth, while others areas such as endpoint protection will show more moderate growth. Bottom line – we believe that spending will be slightly up in 2014 when you look at the larger enterprise security environment.
What's in store for your company in 2014?
You’ll start to see us executing on the promises of the Symantec 4.0 strategy, which we announced earlier this year. We’ve begun the operational phase on the strategy with a focus on three priorities–offerings, go-to-market and work-smart, an internal program to make us more efficient and effective. I’ll focus on our offerings strategy for your audience. Although we’re proud of how much we currently protect with our point solution products, our strategy includes enhancing these solutions, such as our endpoint protection, DLP and other products, but also introducing new, integrated offerings such as Information Security Service that addresses some of the un-meet needs we touched on above. Our offerings strategy also involves developing integrated ecosystems consisting of Symantec and other company solutions across three important areas where the current approach is not getting it done. More specifically they are:
Unified Security - We believe that the approach to securing information must change. Security can no longer be about running numerous point products. We need unified security, which must be integrated and delivered as a service. Unified security means big data security intelligence delivered from the cloud, leveraging telemetry from millions of mobile endpoints to be able to protect information from the most advanced threats. Symantec’s assets in this area enable us to lead this change.
Information Fabric - To truly secure, manage and derive value from this mountain of information, we need to better understand it by leveraging meta-data and analytics. Enterprise information is stored in isolated repositories that are secured and managed separately–and this just gets harder with information moving to a variety of clouds. These silos of information must be tied together into an information fabric. This information fabric will enable businesses to have a consistent view across their information tier, to be able to create the right policies around their information and to be able to efficiently store and deliver their information assets. Symantec is building this information fabric.
Universal Identity and the Internet of Things - The nature of the information challenge is changing. Information is being created from billions of Internet connected devices today and Gartner projects that there will be 26 billion devices by 2020. This new IoT ecosystem won’t thrive without robust security and identity. This starts with the ability to identify devices and secure communication. Symantec is poised to help companies be safe in this emerging eco-system with many assets in place already; our digital-certificate trust services support more than 200 million devices, including cable set-top boxes, delivered and managed from our cloud-based platform.