Make Security a Forethought not Afterthought: CTO, Blue Coat

Joe Levy, Chief Technology Officer, Blue Coat, believes that emerging trends such as BYOD and cloud have increased the attack surface of organizations, and they need to accord top importance to security. In an interaction with Yashvendra Singh, he discusses how Blue Coat is helping security leaders in managing the changing threat landscape

Despite the increase in the attack surface of organizations, security is not accorded top priority. How is Blue Coat trying to make security a forethought rather than an afterthought?

New and emerging trends and business models such as cloud, shadow IT, and the Internet of Things (IoT) are drawing a lot of attention of enterprise technology leaders. Then there are certain changes happening in the data center itself. For instance, Software Defined Networking (SDN) and Network Functions Virtualisation (NFV) are slowly but steadily gaining ground. These are early days for such technologies but they will do the same transformation in the next decade as virtualization did in the last decade. However, they also bring in increased risk of threat for enterprises. Historically, security has been an afterthought. It is, unfortunately, not something that is layered into the development process. With this lesson from history, we are taking a different approach. We are trying to get involved in the early stages of design technologies such as SDN. For instance, Blue Coat is an active member of the Open Networking Foundation, one of the primary contributors for the security discussion groups today. This is providing us an opportunity to make security a forethought rather than an afterthought.

But the days of the run-of the-mill security are over. How are you enabling security practitioners to leverage the next generation of solutions?

We don’t just provide run-of the-mill security. Blue Coat has done some interesting acquisitions over the years, which has lent it the ability to align itself with the changing threat scenario. For instance, enterprises are increasingly using encryption these days. However, there is a certain consequence to increased encryption adoption, some of which are paradoxical. While encryption increases security, it, the same time, also hinders the use of security stacks that have been invested upon. It prevents a security leader from conducting traffic inspection as freely as he did before. Blue Coat recognizes this and has acquired technology that will allow enterprise level decryption with all the necessary controls and expected performance. This will be one of the most important security capabilities over the next five years.

How can CIOs/CSOs get a grip on Shadow IT?

Some people call Shadow IT good while others dub it bad. Whether it is good or bad, the genie of Shadow IT is already out of the bottle and there is little we can do about it. The best that an enterprise technology leader can do is to try and understand it. Shadow IT requires some level of visibility and perspective on how it is being used in an enterprise’s environment. Without it, a security leader can’t do any meaningful risk calculation. He needs to gain visibility into what services and data are being used, and based on this he needs to determine how it aligns to the business priorities.

What do you feel are the other challenges confronting CIOs?

Apart from Shadow IT and cloud, wherein the data is not within the four walls of the organization, there are other challenges for CIOs. The rate of growth of encryption is emerging as a challenge. This will take a lot of enterprises by surprise when they will realize that the uptake of encryption channels is prohibiting them from understanding what is entering or exiting their networks. Also, alternative compute platforms related to mobility and BYOD and IoT are also areas of concern for IT decision makers. Not only do they enable data to move out with ease but they also vastly increase the attack surface of organizations.

You talked about SDN gaining ground. When will it go mainstream?

There is a lot of misconception around SDN. CIOs believe that it has to be implemented in one go. However, that is not the case. It can be phased-in and hybridized in the existing infrastructure simply. The CIOs need to realize that SDN can be introduced in small increments rather than in one go. Once security and networking practitioners realize the additional capabilities and enhancements that SDN brings, much the way as virtualization did, I believe its adoption will accelerate. The other driver of SDN could be the economic aspect. SDN is quite an economic powerhouse. The relative cost of a bare metal switch where all the intelligence has been abstracted out into software and a controller is much lower that a switch wherein everything is embedded. The former also provides more longevity and upgradability. As the awareness around these aspects rises, the adoption will take off. Also, the fact that nobody wants to be on the wrong side of the trend or curve, will also push adoption. People might feel this will be a new standard and they would want to do it earlier rather than later.

Going forward, which technologies will deliver maximum value for a CIO?

In terms of what will deliver the best value to business, mobility and cloud are already on top of the list. Social is a large and inevitable force. Some businesses have understood how to leverage it to their benefit. Other businesses are just grasping how they can monitize it. Analytics is similar to this. We are seeing the emergence of consulting services that are specializing in the application of these kinds of capabilities. Over time, as all other technologies, analytics will also become commoditized.


Nike Tiempo Legend

Add new comment