Cloud is re-defining the security paradigm and putting huge challenges on enterprises as well as security companies to meet the expectation of customers. In an interview with EC’s Mohd Ujaley, FireEye’s Senior Vice President and Chief Information Officer Julie Cullivan, says “At a time when we are having rapid increase in cloud deployments and BYOD, the CIOs need to ensure that there is balance between productivity and protection.”
What strategy is FireEye adopting to develop better security solutions for enterprises?
We are focusing on the advanced cyber threats. Today there is vast rise in the sophistication of the attacks. We help organisations deal with such threats. Our solutions are unique, because we combine technology and intelligence to develop the pattern with the help of sock analysts and security experts. In recent past, the security landscape has changed significantly. The current crop of security solutions mainly is signature based—it will not fully safeguard the enterprises. We provide advanced persistence threat protection across web, mobile, email. In case, a company faces an attack, we will be in a position to provide forensic solution for answering critical questions such as what was threat and how it happened. We will also ensure that the attack that does happen again.
When BYOD is the new reality, what steps should CIOs take for balancing productivity and security?
As a CIO, one really needs to balance productivity, protection and security. All of these are very crucial for the success of an enterprise, one can’t go too far one way or the other. Organisations have to develop clear strategy for managing issues related to data and access. A clear plan must be there to define who should access what data and with what device. Cloud and BYOD are the modern trend, they are going to spread-head the next IT revolution. You can’t shy away from this reality. Therefore the CIOs should invest in new security measures while also endeavouring to define the rules around access to data and its protection.
We had many high profile breaches, including that of Sony recently. But it seems that an extensive postmortem of the breaches are not being conducted. Do you think that a more elaborate research should be done on the breaches for ensuring that such attacks do not happen again?
Attacks have become very sophisticated, they may not leave any trace, which, at times, makes it difficult to investigate their source. I agree that the sharing of information, which impacts large numbers of people is important. FireEye provides cyber threat map based on subset of real attack data. It is true that there is always security risk and the enterprise might not be able to control everything that is happening in their environment, but with the help of technology, intelligence and right analyses, it is possible to have a much more robust system of security, one that is virtually impregnable.
With the government launching the Digital India project, what kind of opportunities do you see for business growth?
Enterprises and government, both are aware about the security risks. In India we are now seeing a willingness to address the myriad challenges. As far as Digital India is concern, we agree that it will lead to the development of many eco-systems with large numbers of connected devices. This will increase the security challenges. I feel, India has the capacity to spread this mammoth task of digitalisation. In India, we started two years ago and have seen fair success. The market here is maturing, people are understanding that persistence threat can’t only be met with technology, it must be supplemented by intelligence and analysis. We are working with partners in tier-I and tier-II cities. We are empowering them with our modern technologies, skills and intelligence. Our huge R&D facility in India is a big advantage for us, we can leverage them for our customers.
In what ways is cloud impacting the dynamic of security business across the globe?
Cloud is re-defining the security paradigm and putting huge challenges on enterprises as well as security companies to meet the expectation of customers. People are leveraging services through cloud, which we could not thought of few years ago. There is growing trend of enterprises using cloud application for HR management. However, in terms of security compliance, the deployment is still very rigid. It is important for organisation to analyse and see what they would like to do with cloud. As far security industry is concerned, cloud will only lead to more challenges and opportunities.