Perhaps you've heard the old information security gag: "if you're a diver, you don't have to swim faster than the shark, just faster than your buddy." It's sometimes good for a chuckle and suggests that we should merely aspire to implement enough security to make us a less attractive target than our peers. Nowadays the joke is a little stale, because as Josh Corman points out in his recent TEDx talk*, sometimes the shark has a buddy too. As risks proliferate and as the bad guys of all kinds get better (badder?) at what they do, "good enough" security hasn't been remotely good enough for years. So I was particularly glad to have the opportunity to gather with some of our best and brightest customers this weekend at our second annual Customer Advisory Board meeting for a frank discussion about how we're all doing before we headed down to San Francisco for the annual RSA Conference.
When I consider the headlines, when I consider the challenges, and when I consider the adversaries, I'm tempted to be pessimistic. Our customers are truly advanced persistent defenders, but they have everything to lose if they should fail to protect their enterprises' secrets. They're mindful of insiders who may inadvertently or maliciously expose their companies to existential risk. They're working to secure their supply chains, because they know that determined and well-organized bad guys will look for the holes in supply chain infrastructure when they fail to find chinks in our customers' armor. They know that no combination of people, process and technology will eliminate risk entirely. They expect to be breached--they *plan* for it--and they're mindful of the possibility that a particularly stealthy breach has already penetrated their defenses, despite their best preparations.
But my pessimism is mitigated by the opportunities we take to get together and learn from each other, as we did this weekend. Sure, we get to share an insiders' look at our product roadmap and strategic plan, but where things get good at a meeting like this is when we create opportunities for long-term collaboration. Threat Intelligence feeds are a dime a dozen, but true *knowledge* is scarce. Every time one of my customers wins a cat-and-mouse skirmish against a hacker (or a battalion of hackers) in a faraway land, the rest of us have an opportunity to benefit from that experience because of the climate of collaboration we've fostered in the Fidelis customer and partner community. It's the rising tide that lifts all boats. It's the impulse to hang together lest we hang separately. It's any number of tried--yet true--clichés that buoy my spirits and remind me that, working together, we can have a fighting chance at not just surviving 2014, but succeeding in our mission to enable continuing innovation and growth for our enterprises by delivering meaningful and effective security.
Are you in? Leave a comment or connect with us to join in the fun.
- Will Irace
* Don't just watch Josh's talk for the cool shark anecdotes. He's got important things to tell us about where we fail to deliver in the traditional IT security space, and about the need for a revolutionary degree of vigilance and attention to security in the coming technology wave, known as "The Internet of Things." For more about his quest to make things better, visit www.iamthecavalry.org.