You don’t have to be an IT pro to know that there’s an urgent need for some new ideas in security. And if you’re not yet convinced, a concise summary of some of the headline-grabbing breaches of the last few years will probably make the case.
For years you could broadly describe most the manner in which most security products work as “chasing the threat.” In looking for signs of trouble, they may rely on signatures that can easily become outdated or flawed behavioral models. Both approaches leave a lot of IT pros wishing for a better way.
Meanwhile security spending by large companies is on the rise around the world according to a recent estimate by Gartner, yet it seems not to be making much difference. The likelihood that an organization will suffer a material security breach in the next 24 months has increased according to an estimate by the Ponemon Institute. And the average cost of a breach has risen to $3.6 million or about $141 per record stolen, and often higher depending on the kind of data involved.
It’s no surprise then that the appetite in the marketplace for new approaches is strong. Last year venture capitalists poured $3.1 billion into security startups, an all-time record according to CB Insights.
I got to talking about this state of affairs last week with Tom Corn, senior VP for security products at VMware. His contention is simple: At time when most applications are running on virtual machines in public and private clouds, we’re often not protecting the right things.