Art Coviello: Though I don't have an engineering background, I was always fascinated by technology, and I'm a greatly curious person. I feel some of the smart people were in technology and I love to hang out with creative people. While I started my career in public accounting, I ventured into tech five years later. Now I've been in technology for 30 years.
CWHK: Would you still be in accounting if you weren't in technology?
AC: I can't see myself in any other field, having been in technology for that long. Over the years I took on more and more operational responsibilities, and I learned enough about technology especially during my years in RSA. I have formed my vision of what are required in security.
With an accounting background, I have a good sense of how systems are supposed to work--one of the things I did as an accountant was to study system and internal control. So I learned a fair amount of logic--in terms of how systems are supposed to work--which is applicable to the development of technology to be used to secure systems.
CWHK: How will increased cloud deployment and "big data" change security?
AC: Firms spend so much--two-thirds or three-quarters of IT budgets every year--to maintain existing systems. But now cloud computing represents a tremendous opportunity for us to apply far more information in those systems.
Let say tomorrow we'd put everything into the cloud and leverage virtual infrastructure. Billions of dollars today spent on hardware, software, and networks could then be repurposed to use information in unprecedented ways--this is the promise of cloud. That brings you right into the concept of because there's so much information out there that can be processed and used if we can figure out ways to get hold of it.
I recently learned that 40% of food grown in the developing world is wasted before it's available in the market, and 40% of food in the developed countries is wasted in stores and homes. If we could apply technology and cut that waste into half, we could feed a billion and a half people. We can also apply technology to improve energy efficiency and solve other problems.
It might be near the end of my career, but I can see that clearly in the next ten to 20 years we will be able to make promising breakthroughs in the use of information. This is achievable only if we can trust that information won't be stolen, manipulated, or lost--security technology has a key role to play in this.
CWHK: How would BYOD impact businesses in Hong Kong or Asia Pacific? What is BYOD's implications in terms of risk management, data protection, and data management?
AC: There are four ways of looking at this. First, the Web has opened up infrastructures not just to workers, customers, suppliers, but also hackers.
Second, hackers are increasingly sophisticated--there are from nation states; organized cyber crimes by criminal ecosystems and elaborated supply chain of attack designers, money launderers, and information stealers.
Third, we can leverage virtualization technology in the cloud to improve security by consistently applying policies and updates to all virtual machines. But if we don't take advantage of virtualization and do all these, the glass could end up half-empty.
Fourth, IT organizations need to manage control when it comes to BYOD. They also need the ability to tell the difference between a normal transaction or flow of information and the abnormal ones. On top of that, IT needs to create security constructs that can leverage features of individuals' devices in some instances, but work independently in others--I think this is the answer to BYOD.
CWHK: What were Hong Kong customers especially the banks' responses to the RSA security breach last year? What did RSA do to ensure the effectiveness of its two-factor-authentication tokens?
AC: We met our concerned customers in Hong Kong after the incident. We had remediation processes and upon request we replaced their tokens. We also issued official letters explaining the situation and how we handle it so that our customers can share with their auditors or board of directors.
Equally important is that we gave remediation advice within a day after our knowledge of the incident. The stolen information [from RSA] can't be used in any successful attack. What's never reported in the media is that there isn't a single incident where a customer suffers loss due to the RSA security breach. One of the [media] reports said that information stolen from RSA was actually used in an attack, but that attack was defeated.
CWHK: Is there any chief security officer at RSA? Do you think CIOs can also serve as CSOs?
AC: Yes, there is. CSOs have specific areas of expertise while CIOs are generalists who have understanding of infrastructure, security, and applications. CIOs are almost like general managers who will be more focused on helping organizations apply information to support business missions and objectives. So I don't think they can replace each other.
CWHK: Do you think the role of CIO will become obsolete in the next five years as businesses are using more utility-based tech or cloud computing?
AC: No. The CIO role will change--it will become far more strategic and interesting. That's good news to CIOs. I think CIOs will need people to help them manage infrastructure as more of them will be moved to the cloud.
In addition, we'll rapidly see the new title "data scientist" in organizations. CIOs will have data scientists to make great use of big data applications.
CWHK: What inspires you as a business leader?
AC: Applying technology to solve big problems. We are in an unprecedented period when we can use technology to solve problems like never before. We are an enabler and able to change the world. Nothing's more exciting than that.
CWHK: Talking about leadership development, are you hiring more people or reducing headcount this year, given the economic uncertainty?
AC: We will add people. We grow much faster--almost twice faster--than the market. In Asia Pacific--especially China--we grow even faster.
CWHK: What types of executives are you looking for in Asia Pacific?
AC: We have advanced development capabilities in Shanghai and engineering capability in India, plus support centers in Australia, Japan, China, and India. So we will hire more technical people, consultants, professional services executives, sales, and sales engineers.
CWHK: How do you compare the younger generation of executives and executives about your age?
AC: I'm an optimist. I want the next crop of executives to be smarter and energetic, and I believe they will be.
The Internet has shrunk the world immeasurably. The US had a tendency to be myopic--people there are now more sympathetic to other cultures and nations. I see that as positive. The younger executives will do a better job than my generation and solve more problems, many of which were created by the baby boomers.