Workshops‎ > ‎cs-ga-2010‎ > ‎

Elad Yoran


Security:  Emerging from the Black Hole of Innovation

The Information Security industry has evolved through at least two cycles of innovation in the last 15 years. We experienced a tremendous wave of innovation during the period of the mid-to-late 1990s. Then, from 2000 through 2009, the Information Security industry experienced a black hole of innovation. This experience was caused by multiple reasons including an over emphasis on regulatory compliance. Regulations such as HIPAA, SOX, GLBA forced corporate leadership to spend resources on “security”. However, the true nature of checklist-based spending is that it shifted resources from true security-based decision making. Imagine if you will a world in which all our security entrepreneurs were CPAs, clearly not the most innovative people. Another phenomenon that happened in the last decade was the realization of the original 1990’s era promise of the Internet, but with newer enhanced technology. Social media, mobility, Web 2.0, Cloud, SaaS and other trends are dramatically changing the way governments, businesses and consumers use technology. Information Security is now forced to catch up, and as a result, we are now entering the second great wave of security innovation. We are already seeing the new pioneers beginning to make their mark in critical areas such as mobility security, cloud security and machine-to-machine security, among others. I will go into some of these in greater detail. What are the risks that may slow this wave? The first is the general economic environment. A second is relative scarcity of angel and venture capital. A third, is an ever increasing role of government in the information security market.