After 20 years in the industry, Symantec’s EMEA CEO Matt Ellard talks to CBR about IT security, the cloud and how cybercrime could threaten the Internet of Things (IoT).
The security industry seems to be moving towards a more reactive model of protection, rather than one based on perimeter defences. Does that tally with your experience?
Yeah, pretty much. You’ll have seen a lot of discussion about what we would call advanced threat protection. You still need to have a boundary that is a perimeter, but as threats get more advanced you need other layers that can identify more threats to your business, and take a proactive approach to start nullifying those threats.
We advise a lot of companies to start classifying their info as either IT or client data. You should put together the right intelligence, governance and compliance tools to make sure it’s protected, and make sure you are only sharing data with those you need to.
Would you say the digital world is becoming more or less dangerous?
Without doubt threats are becoming more sophisticated, and if you start looking at the whole threat landscape cybercrime is becoming more targeted. There’s been a couple of releases recently where you can see these are sophisticated organisations committing these crimes. You have to have multi-layers of protections and you have to be more proactive
Content from our partners
What are some of the challenges digital security is likely to face as IoT becomes more prevalent?
It’s that balance again. You can see there is a lot of productivity and a lot of competitive advantage for those who win the race.
We see two complications. Data is exploding already. It’s growing to the tune of 100-200% year on year, and you can add to that up to 70% of data can be duplicated. As a huge amount of money is being spent on storing and backing up that data, the Internet of Things is only going to make that worse.
The second point is that these are all going to be entry points for the bad guys to get in. Any device that is connected to a machine is going to be seen as a platform for potential data breaches.
What is the future like for chief information or tech officers, particularly regarding business security?
We think that there’s more pressure on CIOs these days. It used to be down to risk and efficiency but now they are being asked to be an enabler of the business with real-time intelligence. The business has continued to look to IT to provide intelligence so they can have more agility in how they test their market.
There’s a huge pressure from employees, especially some of the digital natives who come into the workplace and are very IT savvy, wanting to bring in their own devices and access their applications. That’s good in terms of productivity but it poses threats to companies tradition way of working, and also their security systems.
How has cloud affected the security industry?
I think the first thing that security has to do is not be the ‘no’ in innovation. Security used in the right way can be an enabler of cloud, but it goes back to the classification of data. You need to be sure what information you have in your organisation, whether you are using a public cloud or a private cloud.
Cloud is a different way of outsourcing, and you need to make sure you have the right processes and the right methods to outsource properly.
How does the security industry compare in Europe to the United States, particularly given some of the privacy rulings from the European Union?
The complexities and challenges of CIOs in EMEA, having spoken to those elsewhere, are exactly the same as those around the world. But I think data residency is going to become a more prevalent discussion, and people need to consider where data is residing. I think it comes down to having your own processes, and making sure people are aware of where information is before they start embarking on cloud strategies.
