Monday, February 1, 2010

Shedding Light on the Information Security Landscape: An Interview with Sandra Toms LaPedis, Area Vice President and General Manager, RSA Conference

The Information Security landscape is changing. In the face of dealing with more sophisticated threats, these recessionary times are driving innovation like never before. Sandra Toms LaPedis, Area Vice President and General Manager, RSA Conference , sheds light on information security challenges, technology trends driving the CSO agenda, and how today’s environment is creating opportunities.

1. What are the top organizational challenges facing security professionals today?
The number one challenge is that IT departments are currently working with fewer resources. While Gartner research shows that IT budgets will be up in 2010 by 3.3 percent, the industry will still be playing catch-up with 2009’s 5.2 percent decrease. And according to the U.S. Bureau of Labor Statistics, 9.4 percent of the population is currently without a job – with California being hit particularly hard at a rising 12.4 percent. Unfortunately, many security practitioners are in these ranks.

With these limited resources and the loss of talented security professionals in IT departments across the country, no one is minding the proverbial store. Many organizations are left with stripped-down departments that have fewer people watching for threats. We know more issues can occur during these times of economic hardship, so having more eyes on the security posture of an organization is more important than ever before.

2. What are the top three technology concerns for organizations?

Based on the abstracts that were submitted and the agenda we have set for RSA Conference 2010, we see that three particular areas of concern are cloud security, security in the face of consumerization and mobility and cyber warfare.

3. How is today's business environment impacting how security challenges are addressed?

In July 2009, we surveyed nearly 150 C-level executives and professionals charged with directing, managing and engineering security infrastructures within their respective organizations to find out their pain points for the coming 12 months. Fifty-seven percent of respondents cited budgetary constraints as their biggest concern. This means organizations have to get creative with the way they protect their infrastructure since they have fewer dollars to spend. This may include finding new tools that address multiple issues, learning how to make what they currently have adapt to changes in the landscape or architecting new solutions.

4. How has the current environment created opportunities for security-focused service providers? Is today's environment driving innovation?

Recessionary periods drive the most innovation. Especially today, when entrepreneurs and developers have so much technology to get them started, industrious individuals are required to be more creative and resourceful. You can simply look at events like TechCrunch50 and DEMO to see that technology professionals are capitalizing on missed opportunities by debuting truly innovative products and solutions.

The information security industry is no exception. Codes are becoming more malicious, botnets are getting smarter and attacks on corporations and nation states have become more frequent – such an environment is ripe for information security innovation. At our Innovation Sandbox program we showcase and honor companies and individuals that are at the cutting edge of security innovation and have the most promise for offering a solution to the information security industry’s most pressing issues. On February 8 we will select 10 finalists from a pool of 40+ submissions to compete for the title, “Most Innovative Company at RSA Conference 2010.” With this program we plan to highlight the entrepreneurial spirit of the security industry while also giving early stage companies a venue to be seen by their peers.

5. What have you seen in terms of innovation in security?

In the last year we’ve seen new companies address the security concerns associated with the proliferation of cloud computing and virtualization in IT architectures, as well as significant advances in the way organizations can secure their employees’ mobile devices. The list goes on and on, but there is a need for so much more – which is why Innovation Sandbox is such an important program, and why information security professionals sharing best practices at RSA Conference becomes a business imperative.

This year we’ve had companies submit products that can emulate a phishing attack on an employee to provide education on how to identify risks via email, solutions that address the security risks associated with password resets and products that have turned authentication as we know it on its head by integrating image recognition to the fold.

Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conferences, joined the company in 1998 and is responsible for the global promotion and successful execution for the Conference. This includes content, strategy, logistics, industry relations, brand extensions and partnerships.