If you saw my section of the day 2 Synergy keynote last week, you know that security is a top concern for CEOs. Some people are surprised when I say this because one traditionally thinks of CIOs and CSOs as the main drivers behind a company’s security strategies. And they usually are – but the reality is that security is no longer an IT issue, it is a business problem. The challenge is that all businesses have to deal with it differently and there’s no silver bullet to solving security issues. Data security is now a major component of risk management in a modern company.
Yesterday’s Security Plan Isn’t Strong Enough
Today’s threat vectors are sophisticated and yesterday’s security plan to protect your organization isn’t strong enough. We cannot plan for how and when we might be compromised – however, we can plan for how to deal with it. A holistic approach that includes processes for how to deter, detect, respond and remediate (DDRR) helps us prepare for when protection fails. A modern security plan should not only include how to secure systems, but it should include a clear data protection approach for data in use, in transit and at rest. Monitoring user and data behavior, access control and encryption also help sharpen visibility and improve security. A comprehensive approach should include clear governance (all the way to the board level), architecture (IT and business), appropriate technology and effective organization/operation.
But where to start? Our customers understand that Citrix is a key partner in their current and future security strategies. There are many practical examples of this, some of which we saw during the this year’s Innovation Award videos, but no vendor can be a one-stop-shop for security in today’s world. Our goal is to continue to make value-added products that directly address our customers’ security concerns around the delivery of the software-defined workplace. And just as with all our of products, we believe you can have security without compromising productivity – businesses have to assure that they deliver experience, security and flexibility.
So how do we do that? Our flagship products are designed with the notion of adaptive security front and center to enable the balance of security with enablement. Virtualization, containerization and secured networks are all critical and work together to provide an adaptive security solution. It’s about using the combination of the right tools at the right time to protect what matters.
The Castle and Moat vs Metropolitan City
The sheer growth in the number of connected users, devices, machines and data amplifies the need for the right solutions. I like to use a “castle and moat versus the metropolitan city” analogy. Basically, businesses used to be able to leverage an approach as simple as a moat to protect themselves against data theft. But now, no matter the business, companies need to view themselves as a metropolitan city. With the constant flow of new devices and wearables, as well as the rise of IoT, a new generation of security risks and challenges have emerged. Simply saying “no” to new demands from an enlightened user base won’t work. Period. The more IT says “no,” the more they drive employees to take things “underground” where there is less visibility and control. The old threats that were taken care of with the moat still exist, of course, but you can’t fix tomorrow’s problems with yesterday’s thinking and process. You have to stay ahead of the curve and be an enabler.
Staying Ahead of the Curve
An example of staying ahead of the curve is the beta Octoblu platform we demoed in the keynote last week. I may be biased because I helped launch the company (now a part of Citrix), but it is a major step forward in making sense of how to secure the devices and data that IoT brings together. With Octoblu, each “thing” is identified and managed as its own perimeter with strong-keyed encryption and separate authentication and authorization components. As a result, it is possible to white or blacklist each thing from communicating with other things as required. So not only does it enable new approaches to security to address modern challenges, but it brings the power of IoT to workspaces and the business environment to allow more flexibility, helps people be more productive and gives them a delightful experience.
I would love to hear your thoughts on my keynote message (and the Octoblu demo). It is available on-demand here. Take a look and then leave a comment here or ping me on Twitter at @geirheads.