Leo Taddeo: What some people spend a lot of time on is embrace the return on investment type of calculation. We’ve seen studies where people have put a dollar value on a loss of a data record. It’s somewhere between $80 and $200. Then they count up the number of records that they have, potentially, at risk, and do a simple multiplication.
Then they’ll say, “Our return on investment is in the tens of millions of dollars because we could potentially use all of these records, and they cost a hundred dollars each.” That appeals to a numbers-oriented enterprise but to me, it doesn’t have a lot of value because the numbers are so subjective. It looks like data, but it’s not. It looks like a formula, but it’s not. We see some breaches where the data loss can be very small but impactful. We see other breaches where there’s a lot of data loss and not so impactful.
I don’t have a lot of confidence in those types of calculation to show value. I’d rather have a conversation about protecting the brand, protecting reputation, protecting customer and client relationships, and continuing business operations rather than trying to put a dollar figure and comparing the cost of a tool to that potential loss.
Sramana Mitra: Let’s go the next line of questioning. If you get yourself up to the 30,000 foot level, what are the emerging trends in cyber security? What are some open problems that you see out there? It doesn’t have to be directly in your space.
Leo Taddeo: The biggest trend is, of course, migration to the cloud. This could be, potentially, a very big benefit for security. I think the cloud is going to put a lot of security vendors out of business if they’re not positioned properly to augment security tools and to address needs that the big providers aren’t providing.
When you look at the cloud stack, at the bottom, you have physical and network resource protection. At the very top, the interface and the application protection. Depending on the cloud deployment whether you have SaaS, PaaS, or IaaS, the shared responsibility between the provider and the tenant varies along that stack. The needs of the tenant vary along that stack. Cloud security providers are getting better at meeting all of the tenant’s needs, but not perfectly.
I think a smart cyber security company is looking at making the transition to the cloud for the enterprises safer and allowing them to take full advantage of the efficiencies and benefits of cloud computing. I think the big trend out there is movement to the cloud and there will be a great consolidation in the cyber security market because cloud security providers are going to be providing a lot of the security functions that independent third-party vendors are now providing.
This segment is part 4 in the series : Thought Leaders in Cyber Security: Leo Taddeo, Chief Security Officer, Cryptzone
1 2 3 4 5