The move into the digital world has created tremendous opportunity, but also tremendous risk of breach. Because the need for security traverses almost every sector as well as many aspects of our public and private lives, the security industry is not just a crucial component of the Massachusetts economy but is critical to enabling economic growth and innovation.
We spoke with Bob Brennan, CEO of application security provider Veracode, to get his thoughts on the challenges and opportunities facing the security sector in Massachusetts and beyond.
What are the current challenges with securing software code and devices and what future trends do you see on the horizon to combat these challenges?
Our world runs on software, and as a result companies of all sizes and in all industries are producing more code than ever before. And to help the development processes move faster, they are augmenting their own development efforts by integrating open source components and purchasing third-party solutions. The problem is this software isn’t created with a hostile environment in mind. It is created to be functional. What makes securing this code so difficult is the speed at which it must be produced, and the many sources of code. How can you trust open source components in the age of Heartbleed, but how can you innovate without depending on them?
What I see on the horizon is a greater dependency on people, process and technology to assess the software that is built, bought and borrowed by enterprises. The method of manually testing code will not scale, nor will depending on tools to assess all this software. As reliance on software grows, so too will the reliance on a systematic approach to finding and remediating vulnerabilities.
What do you think will be the biggest innovations in the security sector in the next 10 years?
Runtime Application Security Protection (RASP) is not only a major innovation for security, it will be transformational to the security market. RASP is designed to protect applications by adding protection features into the application runtime environment, and it allows enterprises to secure applications in real time, not just during the development lifecycle. Additionally, from RASP we will see new methods and technologies used to secure applications arise. It is much like the advent of packet inspection technology. This was transformational because it spurred an entire generation of security from firewalls to IPS to web gateways and more. Like packet inspection technology, we will see new methods for protecting applications evolve out of RASP. From RASP we will gain the ability to secure applications at all phases: development, testing, and production.
Where do you think there are areas of opportunity for Massachusetts security tech companies to lead?
As dependence on software and technology grows, so too will the need for security. Attackers are going to continue finding ways to penetrate organizations, and without reliable ways to reduce vulnerabilities and protect applications, innovation is going to falter. Innovation will depend on our ability to secure the software that runs businesses, and the security industry can be a leader by enabling this innovation through security. The security community is strong in Massachusetts mostly because many of the leading security experts are here.
What are the biggest challenges now and in the foreseeable future for the security sector?
It’s a great time to be in security. Never has the need been so apparent, and as a result we are seeing more companies enter the sector than ever before. Cybersecurity Ventures keeps a list of the top 500 security companies. There are enough IT security companies to create a list of the 500 hottest. And not only do you have pure play security companies on that list, but all the big guys want to get into the security sector as well.
So, one of the biggest challenges is differentiation. The security market is diverse in terms of the way each company helps reduce risk for the enterprise. There are some big players, and some niche players. There are also a lot of small imitators with messages of “advanced” or “next generation” approaches, when all they really have is seed funding. The biggest challenge each company faces is demonstrating how their technology fits into the security puzzle. And the fact is, not all technologies will survive. Some will be integrated into other technologies or swallowed up by larger enterprises looking to get into the security game.
What are you most excited about that you’re working on now?
Veracode is working on some exciting new technologies, some of which I can’t talk about yet. Of course, our work on a RASP technology that will protect applications as well as reduce risk is electrifying.