Updated on 23 September 2010
Mike Fey, Worldwide Chief Technology Officer, McAfee, focused on creating a safer world at McAfee’s annual Focus12 conference in Las Vegas. In conversation with N Geetha, Fey emphasised the need to use multi-factor authentication tools to tie user identity to devices for greater protection.
Which technologies under the information security framework will impact IT heads in the next 9 months?
With trends such as social media, cloud, big data and application explosion resulting in major security disruptions, I see some technologies which will make an impact in the next 12 months, and which will help the industry get ready to meet the changing dynamics. These include:
BYOD: In the next 12 months, BYOD will start becoming a reality. With predictions that there will be more users connecting to the Internet on a mobile device in the next year (compared to a more traditional desktop or laptop), together with the massive explosion in applications, organisations will have to deal with mobility and BYOD in the enterprise or risk total loss of control.
Authentication: Customers would have a significant focus on identity and authentication tools in the coming year. The reasons are varied. Internet users have come to understand that passwords are not enough, and identity and authentication systems used today are too difficult and possibly ineffective in dealing with today’s issues. The next 12 months will see massive adoption of multi-factor authentication processes and more solutions to tie your identity to your device and information. There have been several threats to the intelligence as enterprise business models are changing.
Security Data and Analytics: SIEM is no longer a viable solution unless it provides the ability for real-time incident analysis, compliance and response, taking into consideration every device connecting and communicating within an organisation. The requirement to bring together event, threat, and risk data with security intelligence will facilitate rapid incident response and the ability to make real-time decisions based on the security posture of the organisation and how to make better information decisions in protecting the organisational information assets.
ePO Real-Time: ePolicy Orchestrator (ePO), the most advanced and scalable security management software, will have its influence on customers. The sheer volume of threats and the nature of hidden, stealthy malware that is designed to evade traditional protection countermeasures will require every organisation to have instant visibility across every device. Of critical importance will be the ability to query for data and make decisions on how to protect the network, and then make relevant changes in real time, which is possible using this software.
Elaborate on how McAfee’s technological innovations will transform the customer environment.
McAfee will provide the technology that enables a real time understanding and response to the environment. There is an orchestrated approach to make our customer place safer than before. It is critical to enable customers to see what’s really happening in their environment and respond to it. Most security is built on historical information such as event logs and alert triggers. This will become antiquated in the long term.
We would provide a platform that allows customers to integrate McAfee and third-party solutions into a true integrated fabric, allowing the solutions to operate in a manner that customers require in meeting enterprise security standards. The systems will be able to share information and learn from each other, enabling increased effectiveness and awareness to see reduction in cost or operation. We work closely with customers across verticals through our customer advisory team to understand their long-term plans and security needs and work backwards with the R&D team.
What are the products developed by McAfee along with customers as part of the co-innovation approach?
Everything we build is run through a rigorous customer guidance and validation effort. A major advantage McAfee has is a massive customer base and we use this to guide the bulk of our major investments. In fact, our SIM solutions are developed from the feedback we receive from customers and we evolved the risk based architecture based on the feedback we got.
Can you elaborate on your co-innovation strategy?
Our strategy is to understand the environment from all aspects–technology, business, global policy, and comprehend the customer challenges that we can address today and for the future; and create an open platform and "plumbing" infrastructure that accepts hundreds of other technologies and allows customers to connect to our automated detection, event reporting, intelligence and remediation--all the while innovating around new areas that solve tomorrow's problems.
What is your plan of action for 2013 in securing your customer place?
In the next year, we are focused on delivering the Security Connected Platform while enabling best in class network, Endpoint and management solutions. We would expand our entire security portfolio and ensure every end user application is projected and will come up with new form factors to protect new form factors.
What best security practices would you recommend for IT heads?
My team and I have written a book specifically to address this question, called Security Battleground: An Executive Field Manual. At the heart of the book is a concept we call the 3Rs: “Riches, Ruins and Regulations.” What we propose is that IT managers or CISOs need to understand what it is you’re protecting against, what will make an attacker rich, what will ruin your company and what regulations you have to operate under. If you understand this from a business perspective, you can begin to align your security underneath it.
With the Cloud invading the industry, what are the best security measures customers must take?
Cloud security is a huge topic when taking into consideration the different service types and architectures; for example, public, private, community and hybrid clouds. Then you need to consider Software-as-a-Service, Infrastructure-as-a-Service, and Platform-as-a-Service architectures; all this before you take into consideration what data you are putting into these cloud service types and architectures. Some key considerations for all deployments are:
• When moving any data to the cloud, never think you can just hand over responsibility for security and availability over to a cloud provider and forget about it. Like any other IT component, cloud services must be managed and secured using policy, monitoring, and security tools and services.
• Before contracting with a cloud service provider, make sure your internal security is up to date first. Don’t let your corporate network become the weakest link in the chain. Then make sure the cloud service you are selecting supports your internal security policy standard and your service provider has full transparency to allow you to measure compliance.
• When first moving to the Cloud, consider using the cloud with low-risk, non-core functions until your organisation understands the security landscape, how to manage the provider, how to protect the data and how to move compliance from internal to the organisation to include the service provider.
• If you don’t use cloud services, your employees will most likely do so. Create a list of cloud services that IT has investigated and deemed acceptable in terms of security.
• Investigate cloud provider contracts and SLAs carefully. Don’t accept the provider’s standard contracts and SLAs; broker your own and use tools available from bodies like the Cloud Security Alliance to allow you to select the best provider and SLAs for your specific requirement. Consider standard audits and certifications such as SAS 70 Type II or ISO 27001.
• Make sure the provider allows your organisation to audit its security periodically as well, and make sure all data is encrypted.
There is a misconception that there are no standards in the Cloud, that it is difficult to assess the security of cloud providers, compare offerings and securely leverage cloud offerings. The best practice or approach is to have a formal plan in place on how you will do security testing and compliance validation to remove security concerns as a barrier to any cloud project.
How does the customer need to get cloud ready?
Whenever preparing to use any cloud service, you need to be sure you understand what information you will be putting into the Cloud. It is critically important you consider how the data will be accessed, who will have access, how it will be secured and what the best way is to protect your information. Once you know what data you want to move to the cloud, its importance and how it should be secured, you need to pick the best provider that meets your specific needs.
Many service providers differentiate themselves through the security services they provide and there are service providers with stronger security architectures than their customers themselves can implement. When selecting a service provider, there are a significant number of tools available; the Cloud Security Alliance, as an example, has made tools and best practices available to assess compliance and to help you ensure service providers comply with best practice objectives. A lot of misconceptions can be addressed leveraging best practices from bodies like the CSA.