Symantec CEO meets with Canadian government

OTTAWA – Symantec’s new CEO, Enrique Salem, used his first official Canadian appearance to urge public sector IT professionals to “operationalize” security and ensure that protecting information helps achieve organizational objectives, rather than gets in their way.

Speaking at IT World Canada’s annual GovSym conference on Tuesday, Salem recalled a conversation with a chief information security officer (CISO) of a large organization who was “bemoaning the fact that no one in the organization wanted to talk to him or include him in the important meetings.

“That’s when another of his colleagues said to him, ‘You’re really good at saying no,’” Salem told the audience, which largely consisted of CIOs and IT managers with federal, provincial and municipal organizations. “That’s the problem with a lot of security professionals. You need to enable the business, to use risk as a way of having a constructive conversation.”

Although most security professionals are focused on eliminating thwarts from hackers while guaranteeing maximum uptime and availability, Salem suggested that it may be necessary for the government to choose its battles. “What’s worse – a server going down or data being lost?” he asked. “The first is bad if you’re transaction-oriented, but we have to recognize that the data is more important.”

Some organizations go too far in the interests of security, according to Salem. He cited a firm in which an IT professional mandated that the auto-complete feature in Microsoft Outlook be disabled, just in case a message was inadvertently sent to the wrong person. Instead, everyone would have to manually key in e-mail addresses every time. “In the name of security, they hurt productivity,” he said. “How can that be the right answer?”

Salem noted, however, that the nature of security threats was changing, and the level of vulnerabilities on the increase in many public sector organizations. The Symantec president – who was appointed to his post earlier this year after being hired as the company’s eighth software developer many years ago – described malware created in the 1990s as “Warholian threats” which sought 15 minutes of fame by infecting as many people as possible. Today’s attacks, in contrast, are highly targeted. Last year Symantec had to write 1.6 million signatures into its software, more than in the past 17 years. “What will it be next year? Five million? We don’t know.”

Symantec is also focused on a reputation-based approach to security through a project code-named Quorum, which will analyze applications and assign them a rating or score based on a series of attributes. This could include software that is used by many people, such as Microsoft Word, versus a potential piece of malware that would be expose to only a small group of people. Quorum might also look at how long the application has been in existence, he said.

This year’s GovSym theme was “people are the new perimeter,” which Salem endorsed as a key area of focus for security professionals who need to address internal as well as external threats. For Denise Ernst, director of IT security and recoverability at the Ottawa-based Canadian Payments Association, this extended to how well people work in teams to achieve a common goal — a concept that can surface in unexpected places.

“I saw the new Star Trek movie recently and it just struck me how much it was all about the people,” she said. “The reason the Federation (a Star Trek government organization) succeeded wasn’t about the rules or the documents but all the officers pulling together.”

Salem challenged Canada to show leadership in the standardization of security, including the recently developed Secure Content Automation Protocol (SCAP), and explore how it can be applied here.

GovSym wrapped up on Tuesday.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Shane Schick
Shane Schickhttp://shaneschick.com
Your guide to the ongoing story of how technology is changing the world

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now