Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Q&A: Raimund Genes, chief technology officer at Trend Micro

CTO talks global trends and what security issues are in store for 2012

The global CTO speaks to Computerworld Australia about government security trends, off-shoring data and the top three issues facing security professionals in 2012.

I understand that you work particularly in the government sector. What kinds of security trends are you seeing in the government space?

Cloud computing is a ‘no, no’ for government customers. It is pretty funny when they discuss it because the rules and regulations haven’t been made for this — it’s the wild, wild west.

What is interesting in government is that they have said 'don’t bring any private devices'. Consumerisation is happening, even in the government space, and people want to use their preferred mobile phone and they don’t want to be forced into using one device. It isn’t only happening in the private industry but also in the government sector.

Do you think these trends are global or local? What have you noticed particularly about Australia?

Some countries are stricter about interchanging data with other countries but trends are mainly global. Especially with Trend Micro, we work more and more with law enforcement around the globe. They see things that we don’t see and we see things they don’t see, and [we] put this together.

I think we have international cooperation but you have local laws, and they apply to the internet and how we use computers and these override it. I see this in Europe where you have the eurozone and there is always debate, and it’s always decided case by case. You never know how decisions are made and this makes international co-operation very difficult. We are working with Interpol and when you talk with these guys, you realise how difficult it is because cyber crime knows no boundaries.

What do you think will the top three issues be in the security space for 2012?

There is mobile malware and people are ignoring it and denying it...at the moment we see around 700 [pieces of] mobile malware, and next year we calculate that this will rise to 120,000 and next year we’re scaling up our systems to be able to handle that. It is a big increase, and the first mobile malware for Android happened last year — it was within one year that it went from 1 to 700 [pieces] and if it continues, it will hit 120,000 [pieces] next year.

The second issue is virtualization security, and that’s a big thing because technology hasn’t been tuned to work within a virtualized environment, because virus scanning and content security is resource intense. There will be more and more demand for specific solutions.

Botnets and other threats will be more targeted and more local and [cyber criminals] will make more money with it.

Does Cloud computing pose a security threat?

I think it’s a hyped topic and public Clouds have been much hyped. According to Gartner, they have been hyped around their lifecycle and analysts are guilty as well. The term was first used by Eric Schmidt in 2006 I think, and it was used way before but not in the same way we use it now. Everybody was thinking that it was about saving costs, they were testing it and then realised that it wouldn’t be that easy. If you didn’t rewrite your data for an application, you would be doomed. There was the Sony outage in April and so many people’s data was lost. It isn’t that easy.

Working in the government space, what do you think of off-shoring government data?

I don’t know if it could be done but people should look inside, because under the US Patriot Act, certain things are possible which people don’t know about. For example, if you select an ISP in Australia which is owned by a US company or if a US company has a minority share, the Patriot Act [can be] applied.

What’s the vibe around mandatory data breach laws and are we any closer to implementing them?

That’s a difficult question to answer. When you look at the data breaches and so on, there are a number of things that could go wrong. Normally, it’s a network, or a human. When someone clicks on a link that they aren’t meant to, it is very tightly related to social engineering, and it has nothing to do with a specific country except companies believe in what the security industry have told them. I openly say that we are guilty by stating 100 per cent [security success is possible]. We haven’t stated this for the past 10 years, but a lot of other companies still do this. So companies invest in security and think that nothing could go wrong. What I call it is risk management. You reduce the risk but you never guarantee 100 per cent.

Follow Lisa Banks on Twitter: @CapricaStar

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: etwork, Gartner, Interpol, Sony, Trend Micro
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: 2012 security trends, cloud security, government, Raimund Genes, trend micro
Latest Blog Posts
Whitepapers
  • Virtual Certainty - Best Practices for Gaining Monitoring Clarity in VMware Environments
    The benefits of virtualisation are unassailable: increased agility, scale, and cost savings to name but a few. However, so too are the monitoring challenges posed by these environments—including complexity, lack of visibility and control, and inefficiency. This white paper reveals the best monitoring practices to employ in virtualized environments—best practices that are essential in enabling organizations to overcome their monitoring challenges so they can get the most business value from their virtualisation investments.
    Learn more »
  • Managing IBM License Complexity
    IBM provides thousands of products in its portfolio and uses a variety of license models, contract terms and conditions. These license models can be very complex, causing frequent confusion for organisations trying to grasp the concepts while maintaining license compliance. While at first IBM licensing may seem incomprehensible, some education on the license models and licensing scenarios will help minimise the confusion. In addition, a more automated approach to managing licenses enables organisations to gain control, reduce ongoing software costs and minimise license liability risks. Read on.
    Learn more »
  • Oracle SOA Suite – Oracle BPEL Process Manager
    Changing markets, increasing competitive pressures and evolving customer needs are placing greater pressure on IT to deliver greater flexibility and speed. In response to these challenges, leading companies are adopting Service-Oriented Architecture (SOA) as a means of delivering on these requirements by overcoming the complexity of their application and IT environments. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.