RSA Keynote: 3 Things the Security Industry Isn’t Talking About (And Should Be)

Despite spending more on security than ever before, businesses face more threats with each new day. VMware CEO Pat Gelsinger and Intuit director Shannon Lietz tackled this challenge head on at the RSA Conference 2019 USA in San Francisco.

We have to change our approach. … If not for ourselves, we need to do this for our children.

Shannon Lietz, Director at Intuit

What the security industry needs, Gelsinger says, is a dramatic change in how businesses tackle cybersecurity and threats. Together, Lietz and Gelsinger proposed three “provocative observations” that could change the security paradigm.

1. The biggest threat to security is the hyper-focus on security threats.

“The security industry has gotten so focused on security threats. This in fact is one of our greatest weaknesses. … We’re rushing rapidly into a domain of diminishing returns,” Gelsinger says. “By comparison, we believe we need to fundamentally be reducing the attack surface instead of chasing after the threat.”

2. “Application Awareness” lacks awareness of applications.

“We build technology now to solve for customers with applications and data,” Lietz says. “By focusing on (securing) infrastructure, we have the wrong state of mind and the wrong vision. It also creates silos and divisions in our companies that are dis-empowering. They make it hard for us to do the right thing. Ultimately… that means you have developers and security not working hand in hand to make adversaries go away.”

3. Your most important security product won’t be a security product.

“How in the world do you take 250 products and keep them patched, updated, make sure they’re working with each other? It’s just insanity. We have to decrease that complexity. …We need to make security intrinsic,” Gelsinger says.

“There’s a lot of awesome technology out there. But I feel like we’ve gotten to a point in the industry where complexity has become the enemy of security,” says Dietz. “I’m encouraged about seeing those security features go into the developed platform. To see that code moved all the way through a pipeline with security in tow, this is going to be a leading mission for this industry for the next 10 years.”

Read more about intrinsic security, cyberattacks and enterprise security:

Cybersecurity Insights

Explore Radius for more exclusive, expert insights into the changing landscape of cybersecurity.