OPINION

By Art Coviello

I believe one of the great technological innovations of our time is virtualisation and the advent of cloud computing -- technologies that promise to transform ageing and inflexible IT infrastructures and enable massive leaps in productivity and efficiency. 

We are at a point where we spend 60 to 70 percent of ‘IT’ budgets just to maintain our current systems and infrastructure.  I don’t think it’s a stretch to suggest that this is the technology equivalent of every organisation in the world, big or small, investing the capital and human resources to build and operate its own electricity producing power plant. 

But picture a world where software platforms are available online and easily customisable.  Picture a world where your compute power is generated offsite, available in quantities when and where you need it.  And picture a world where your information is safely stored, efficiently managed and accessible, again, when and where you need it. 

The economies of scale, flexibility, and efficiencies of these cloud infrastructures will not only save us massive amounts of capital and maintenance costs, but emancipate us to apply and use information across our enterprises as never before.  An unbelievable opportunity to raise productivity.

But today, this transformation is shackled by concerns about trust, security and compliance.  

These are concerns that our industry is more than capable of addressing and it will be up to us to pave the way for this new and powerful model of computing.  In fact, virtualisation offers us the possibility for even more effective, efficient security then we have today in physical infrastructures given the ability to insert and embed security controls directly into the virtual layer itself.  If ever there was an opportunity for security to enable business, this is it and we must rise to the occasion.

A second area of focus must be in the way we understand and address threats.  The threat landscape has evolved dramatically in the past three years:  Starting in 2008 with the growing ability of viruses and malware to evade anti-virus signature technologies; to the pandemic scale of attacks launched by criminals in 2009 for profit; to more sophisticated attacks organised by nation states in 2010. 

In 2011 we must also defend against the potentially catastrophic danger of Advanced Persistent Threats perpetrated by non-state actors and terrorists.  By manipulating control systems in critical infrastructure facilities, Stuxnet was the first Trojan to cross the chasm from the digital realm into the physical world.  Stuxnet foreshadows what the future of cyber warfare or terrorism might hold and is the reason that next generation infrastructure initiatives like smart grid must have security embedded.  According to researchers from IEEE SmartGrid Comm2010, the smart grid will offer up to 440 million potential points to be hacked.  Stuxnet is a wake-up call to a very real and present danger and a stark reminder of the need for collaboration not only among businesses but between nations in an increasingly interdependent world.

As we enter 2011 I could make many predictions about where I think the industry is going:  a continued drumbeat of industry consolidation; a new era in compliance including expansion of data breach notification laws globally with continued pressure on IT organisations to meet higher regulatory standards; strong focus on mobile security; and attention to the impact of user driven IT and social media on our industry.  But the two areas I mention – the secure enablement of virtualisation and cloud computing and facing the reality of new and far more sophisticated threats must be primary areas of concern in the coming year.  It’s up to us as an industry to meet these challenges head on. 

Art Coviello is  president of RSA, the security division of EMC

COMMENTS