The biggest obstacle is the ever-changing threat vector profile. While the industry is cognizant of the changes, the real challenge is going being recognition and staying one step ahead of the threat profile. The computing industry is massively changing. Cloud computing is a prime example. However, organizations continue to view security as an obstacle rather than an enabler to their business and tend to rely on past security frameworks. Right now, in my view, there is a real resistance to change in terms of how people approach information security.
There is widespread acknowledgment that a perimeter only approach is a dated one, and yet organizations continue to invest in it, as opposed to adapting and focusing more resources on protecting the data itself. People are generally aware that it is not very difficult for an unauthorized user to penetrate a corporate network, but they are not yet fully grasping the idea that every network breach must not be a full-scale breach of security.
What we’re trying to do is usher in a new era, in which the focus is on enabling the “secure breach,” in which security measures are designed intelligently around the acceptance that unauthorized users may well already be inside the network. Breaches don’t have to cause the same type of damage they’ve caused in the past; not if the valuable information is protected by encryption. You simply need to know what the hackers may be after and why, and deploy your resources accordingly. SafeNet’s data protection philosophy revolves around this idea. I believe that this is the direction the industry is taking, particularly as more and more information is being migrated to the cloud. People are talking about this idea, but are only now beginning to deploy their resources accordingly.