The chairman’s keynote was a much-anticipated feature of this year’s conference, following the high-profile security breach at RSA last March.
The security firm’s angle in reaction to the breach was made clear from the start of the conference, with Coviello’s entrance at the Moscone Center in San Francisco preceded by a high-energy choir performance of the Rolling Stones’ classic, You Can’t Always Get What You Want.
“I’ve learned that most people would love a world without risk – but you can’t always get what you want,” Coviello began.
“We can’t guarantee risk-free infrastructures operating our digital world, but we can and have made tremendous progress improving the safety and security of IT by reducing risk to levels where smart people can make prudent decisions and manage risk effectively. So no, you can’t always get what you want – but if you try, you might find you do get what you need,” he added.
Coviello spoke of new trends and technologies that, despite being great for the development of business and IT, have increased security vulnerabilities.
“Trust in our digital world is in jeopardy. New breeds of cyber criminals, hackers and rogue nation states have become as in depth at exploiting the vulnerabilities of our digital world as our customers have become at exploiting its value. With increased speed, agility and cunning, attackers are taking advantage of gaps in security resulting from the openness in today’s hyper connected infrastructures,” he said.
“It was our own slow response to recognise the potency of the emerging threat landscape and inability to band together [that got us in trouble]. Our adversaries are better coordinated, have developed better intelligence and easily outflank traditional perimeter defences. Mobility computing, SaaS, and hybrid and full-scale adoption of cloud infrastructures, represent the technology aspects. For the first time since the dawn of IT, technology-savvy consumers and employees are adopting technology faster than governments and enterprises can absorb them, with huge political, social and security ramifications,” he added.
Coviello was candid in admitting the weaknesses of modern IT security, but insisted fear of adversaries is not an option.
“We need even more from security, because quite frankly we are at serious risk of failure. Today’s security models are just inadequate and with the current trends will only become more so. In my 17 years in this industry, I’ve never solved on the basis of fear – and I’m not about to do that now. As security professionals we’ve demonstrated time and time again an enduring resiliency and ability to innovate and give others the confidence to realise the potential of the information age,” he said.
He added that he believes the breach has actually had the positive effect of making RSA stronger.
“We face some harsh realities. Collectively, people in our line of work have been going through hell in the last 12 months. Never has our responsibility to our customers been as firmly etched in our minds. Since the breach we’ve been dedicated to regaining and maintaining your confidence in us. We have a sense of urgency as never before to apply the lessons we’ve learned firsthand, and use the privileged insight we’ve obtained from other attacks,” he said.
Coviello also called for other security companies to come together in union against hackers.
“The fact is, we are not alone. Never have we witnessed so many high-profile attacks in one year. Never have the attacks been as targeted, with the aim of breaching one organisation as a stepping stone to attack others. For that very purpose, never have so many security firms been attacked directly, including RSA,” he said.
“In our interdependent world we need to understand that an attack on one of us is an attack on all of us. Together we can all learn from these experiences and emerge from this hell smarter and stronger than we were before,” he added.
Coviello spoke with passion and determination as he considered how RSA and the security industry as a whole can combat these adversaries.
“As Winston Churchill once said, if you’re going through hell, keep going. Well, we better. Or as someone else put it – you may not realise it when it happens, but a kick in the teeth may be the best thing for you. I don’t know about that, but one thing is for sure; we must fight back the only way we know how, with creativity and innovation. We won’t stop every individual attack, but we can reduce the window of vulnerability from all attacks and put the balance of control back firmly in the hands of security practitioners,” he said.
He added that he believes hackers are currently winning the battle against security companies.
“Just as our adversaries have taken advantage of the sheer speed and availability of information on the internet, we need to do the same. We can unearth the wealth of intelligence that’s buried in those very same infrastructures and use that intelligence to our advantage,” he said.
“The reality today is that we are in a race with our adversaries. They win when they can spot weaknesses and exploit them faster than we can identify the attack patterns and prevent them. Right now, more often than not, they are winning,” he added.
Speaking of the future, Coviello’s language leant more towards the military than that of a technology conference.
“We face harsh realities. Make no mistake about it, we are in combat with a host of adversaries who threaten our very trust in the world’s digital economy. Whilst part of that combat is being laid with irresponsible nation states, this battle is just as much about the misguided activists whose attacks can be equally as devastating. We are in a war and in war there is only one thing you can do – form your battalions and fight,” he said.
“It’s time for us to collectively and with determination do just that. We can get what we need. We can ensure that the balance of control of our digital world remains in the hands of security practitioners. We can give them the tools they need to identify threats quickly and eradicate them. We can give our industry the structures it needs to share intelligence so that we can all be in this fight together, and that knowledge gained by any one of us can become power for all of us,” he concluded.
Sub editor Ben Rossi is reporting live from the RSA Security Conference 2012 in San Francisco. For live tweets from the event, follow @ComputerNewsME and #RSAC.