Etienne Greeff, Chief Executive of SecureData gives us his reaction to new research published by PWC and Gartner and the announcement by Foreign Secretary William Hague that the UK is to host the Global Centre for Cyber Security. Etienne Greeff also gives his overview on the security industry as a whole and what the future holds.
With the announcement that the global centre for cyber security will be hosted by Oxford University in the UK, what does that mean for UK businesses in particular?
Well I think that I have been involved with the high security for the last 20 years and certainly this is the year high security has gone mainstream. This is year that people realise that high security is not a large company issue and it is not a government issue, it is an every company issue and if you look at all the research that's happening right now be it local research from PWC be it global research be it overall temperature from the vendors. All realising that this is battle that is happening today and it is a battle that companies need to take seriously because if they don't it is going to affect them where it matters in their back pockets.
Are companies taking cyber security seriously now or are lots of big companies still being left behind?
I think people are starting to take things seriously. There are a couple of things that have happened there is a combination of large things and small things happening at the large end you have the big threats you have the big attacks in the New York Times and you had the attack on the Sunday newspapers. Then you have the big high profile attacks against iconic names that everybody relates to. At the bottom end even small companies are now starting to experience serious attacks and a lot of financial institutions are targeted particularly and also there have been an increasing number of fines against smaller companies for data breaches. It is one of those things where it is almost like a cyber threat coming on all fronts, the large side the small side and the middle side. You are going to almost have to run for the hills or say hang maybe we should start taking this seriously and doing something about it. In my mind it is becoming part of business now.
Lots of new statistics out recently and Gartner in particular have produced another piece of research so tell us more about that?
Gartner basically came out with research that said in 2 years time 10% of all enterprise security spend will be in a cloud, now that's a frightening frightening stat from most technology vendors and most security providers. Why, because most of their technology is designed to be on premise a lot of people find a great living selling widgets to customers so the new answer is selling lots of widgets to customers so the new answer is if it's an issue what you need to do is get a new widget which we will be happy to deploy on your site. What the Gartner research tells people is that they are just not thinking about security as a service they are just not thinking about the problem and they need to start thinking about security as a service and how the service provider can fix the problem for them, I don't believe a lot of companies are in a position to actually respond to that very serious issue and to my mind if you look at one of the current threats at the moment denial of service there are a lot of pieces of tin out there which will actually defend against the denial of service what is missing however is the service right behind that it is all good and well to have a piece of tin that tells you that bad things are happening but you need security experts to respond to it . A lot of the denial of service attacks are loan slow attacks it is not people chucking a lot of traffic at a website it is people chucking directed traffic at a website very deliberatly slowly and very deliberately exhausting recourses. The only way you can counter that is by having someone watching on a 24/7 basis. Staff might work office hours, the bad guys don't. That gradual shift towards services is in it ............ and will happen. What surprises me is that it is so quick 10% is a huge number if you consider the amount of IT spend at the moment especially on security for that to shift within 2 years is a significant shift.
One of the solutions that SecureData are offering here at Infosecurity Europe involves a partnership with Arbor Networks doesn't it tell us more?
Yes you know I love talking about technologies but do you know what I think there needs to be a mind shift change in customers actually. I have met no customer that wants an Arbor solution and I have met no customers that want a checkpoint solution or a juniper solution or Sisco solution. I have got a lot of customers and a lot of service attacks and a lot of customers that have to deploy a lot of server capacity to make sure that the infrastructure does not go down if somebody targets them. This is what the relationship between us and Arbor is. I must say it is not just about technology what we are going to do as a service provider is to provide a service to customers and in the end technology is a by product of that due to what is happening in real time. I think you will see that in lots of other areas. It is not just in an old service I think that if you think about some of the more mature securities like my own service most people would subscribe to a service in the clouds they don't really care about the technology behind the scene they only care about the service they care about not being spammed. They care about not getting malicious downloads in an email. That is really where the focus should be. You know we can't take away the technology mystic and say what's the problem and what's the service that will respond to that issue. I think going back to our conversation about the thing with Gardner the whole issue will that whole mind shift will start happening with companies over the next couple of years.