The day before RSA Conference 2008, the San Francisco Chronicle would explain this year's convention's objective : "Fixing Computer Security". For his very first keynote of the show, Art Coviello gave some specifics as how he intended to reach his goal. He wants to focus on the data itself, and advocated "intelligent security" (meaning current security isn't ?). "We need to go beyond tools that blindly shut off access to the data, toward tools that take it into account and secure it smartly along its life cycle", says Coviello.

According to him, that's how security will shift from a "don't do" to a "can do" role within enterprises. This vision of security mingled with the information life cycle is in line with Art Coviello's speach delivered the year before at the same place. He shared then the concept of "Information centric security", which tries to tie more closely security with the information it protects. A concept that seems quite popular at the moment, with Symantec CEO John Thompson referring to it himself. And with secure information management comes Data Leak Prevention (DLP).

There's nothing new here, of course : a series of acquisitions in the past 18 month put DLP under the limelight. But having that subject being the first in Coviello's keynote shows how important DLP has become. "It's all about managing risks from an information - meaning data - point of view". says Tom Corn, Products VP for RSA's Data Security Group. But if the baseline is clear, this vision implies quite a change in the security landscape. Art Coviello strongly believes that an independent security industry has no reason to exist. Security has to melt with infrastructure. Facing 4,000 security professionals pleaded for companies to re-evaluate what security means to them, in a more holistic view and focusing on aligning it with its risks. Of course, Coviello conveniently followed up announcing five new consulting services aimed at help organizations assess their risks. Those services are : 

• Information Risk Assessment : for a global assessment of risks and help defining a remediating program including governance, security policy, data protection, authentication, etc...
• Information Policy Development : to define and adjust security policies
• Information Policy Program Development : to align security practices with business needs, and help with the compliance effort.
• DLP Risk Advisor : to help organizations identify and classify its information
• Assessment Service for Storage Security : specific security for storage infrastructures.

Finally, even though Art Coviello did not under-estimate the need for compliance, he warned security professionals to only chase compliance. "It may weaken the organization by forcing them to invest in controls that do not cover actual risks they are facing", concludes Art Coviello.